This is an additional security measure where we prevent direct root logins and instead create a user to login and then use a command ‘su –‘ to gain root privileges. The only risk in this procedure is that you may prevent root login but forget to add the user to the wheel group - effectively locking yourself out of the system. Follow the steps below and you will not face a problem. STEP 1: Let us create a user and add it to the wheel group. For e.g. we want to create a user neonix and give him root privileges. SSH into your server as root and follow the below commands to create a user. groupadd neonix useradd neonix –gneonix passwd neonix enteryouruserpasswordhere verifyyouruserpasswordhere // Please note -g in the second line // You can replace neonix with any username of your choice. STEP 2: Add user to wheel group. Use your browser to Login to your WHM panel and click on Manage Wheel Group Users. You will see the user you just added (neonix). Select the user and click ‘Add to group’. You will see that the user has been added – Users Currently in the wheel group root,neonix You have successfully added a user to the 'wheel' group who will be able to 'su -' to root. LOGOUT OF SSH Before we disable root login, let us check if the user can login and su – to gain root privileges. SSH into your server as 'neonix' Login as: neonix Password : enteryouruserpasswordhere su – password: enter root password here You have successfully logged in and have root privileges. Now let us disable root login. STEP 3: Disable Direct Root Login (The below steps are from webhostgear.com) 1. Copy and paste this line to edit the file for SSH logins pico -w /etc/ssh/sshd_config 2. Find the line Protocol 2, 1 3. Uncomment it (Remove #) and change it to look like Protocol 2 4. Next, find the line PermitRootLogin yes 5. Uncomment it (Remove #) and make it look like PermitRootLogin no 6. Save the file Ctrl+X then Y then enter 7. Now you can restart SSH /etc/rc.d/init.d/sshd restart Now, no one will be able to login to root with out first logging in as 'neonix' and 'su -' to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!
As an additional security measure one can also switch the port number for ssh connections from 22 to something else. #Port 22 Code (markup): Uncomment and change value 22 to something else (be careful not to conflict with some other server process)
If someone is not much familiar with SSH commands I have written a post of basic commands for it. It can be found at : http://www.keralpatel.com/using-ssh-and-its-commands/