I have a server where I believe I have disabled root login via ssh. I think it is done correctly, as I cannot login with root myself via ssh, but I would’ve thought that it would be reflected in /var/log/auth.log. Instead, it shows up as failed password entry. Is this intended?

What I’ve done is to uncomment the PermitRootLogin no line in /etc/ssh/sshd_config. Rest of the config file is left at default.

Bonus question: All login attempts by ssh seems to go over some random port (even my own successful logins). Why is this?

  • siph@feddit.de
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    What @StarkZarn said is correct. Just one more thing: Did you reload/restart the sshd service after changing the configuration? If so you should be good.

    • cyberwolfieOP
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Yes, this is something I did when setting up the server some time ago, and as a step in the process I rebooted the system after changing the config.