That's the safest way to allow root access for yourself, and not for the millions
of hostile attackers who are eyeing your system at this very moment.
Securing Root Access
You might already be set up to use sudo . Log in to your server and try running
some simple command (like id , which just reports who you are) using sudo :
Remote $ sudo id
[sudo] password for andy:
It worked! This machine is already set up so that I can sudo . But on a machine
that isn't set up, you'll get this scary warning:
andy is not in the sudoers file. This incident will be reported.
Yikes! Sounds like the cops will come after us. Have no fear: it's only logging
the attempt to a log file. All it means is that you have to add your name to
the permissions file for sudo .
To do that, log in as root and add the following line to the bottom of the file
/etc/sudoers ( nano is a convenient editor to use over SSH; we'll cover how to install
that and more in the next section):
But use your username, not “andy”—unless your username actually is Andy.
Save the file and try to use sudo again.
Once you can successfully ssh in without a password, and you can use sudo
to do things as root, then you can turn off the use of passwords and not allow
root to ssh in directly.
Now obviously that sounds a little dangerous, as you could accidentally lock
yourself out of the computer. To help prevent that, open one window and log
in to your server as root. Leave that window open and leave it alone, then
open a second window to start changing settings. In case you mess up and
can't log in or sudo for some reason, you have this window still open—as root,
the Great and Powerful—as a backup.
In your new window, log in as root and edit the file /etc/ssh/sshd_config . You want
to find these two lines and uncomment them, or change them to read no :