Server Archives • Page 5 of 5 • Linux Tips

Prevent SSH Root Login

Today’s article will tell you how, and why you’d want to, disable root login via SSH. It’s actually a brief article and approachable by even a beginner with SSH. If you have SSH enabled, then you may want to make sure to do this.

In some cases, like Ubuntu, the root account is disabled by default. That’s generally a good thing. In that case, this article may be important to you if you’ve enabled root login. This article may also be of interest for those who have changed the port SSH uses. Even if logging in as root is already disabled, it won’t hurt to disable it via SSH. Even if the port has been changed, disabling SSH root login won’t hurt.

So, why would you want to disable root login for SSH? Well, it’s a known account – meaning ‘root’ is pretty standard across the distros. An attacker already has half the information – the name of the account. It’s also an account that has the keys to the kingdom. If you have control of the root account, you have complete control of the system. This is fine if it’s your system and you with the root account, it’s less appreciated when it’s someone else that has control of your devices.

This article is actually pretty easy and is a step I suggest everyone take. What it does is it prevents root login via SSH entirely. It’s a simple step to make your computer more secure by preventing SSH root login. You can still login with other accounts and use sudo, so it’s really not limiting your ability to control the system.

Prevent SSH Root Login:

Like many other articles on this site, this one needs an open terminal. You can open your terminal with your keyboard – just press CTRL + ALT + T and your default terminal should open.

Once you have your terminal open, enter the following command:

sudo nano /etc/ssh/sshd_config

1	sudo nano /etc/ssh/sshd_config

Once that’s open, you’re looking for #PermitRootLogin no. When you find that line, you simply want to remove the # symbol. The end result should look like this:

PermitRootLogin no

1	PermitRootLogin no

In some default configurations, you may see #PermitRootLogin prohibit-password instead. If you uncomment that line, you could still login as root – you just can’t login with a password and would have to use a key like in this article about SSH keys.

In that case, when the line doesn’t exist or is changed, you can just add the line yourself. It won’t hurt anything and will still work. So, just find a blank section in the config file, add a new blank line, and then add the PermitRootLogin no like above.

Once you’re done, you need to save the file. As we’re using nano, you do that by pressing CTRL + X, then Y, and then ENTER. That should save the file with the correct name.

Finally, you will want to reload SSH. That’s easy enough, you reload SSH with the following command:

sudo systemctl reload sshd

1	sudo systemctl reload sshd

That’s it, that’s all you need to do! Once you’ve done that, and you can test it yourself. You shouldn’t be able to login to SSH with the root account, which is a pretty solid security idea. If you can’t login as root, nobody else should be able to login as root.

By the way, if you decide you want to undo this – just go back into the config file and add a # at the start of the line, save it, and restart the sshd daemon.

Closure:

That’s it. Thanks for reading yet another article! This one is pretty quick and easy, plus it will help you increase your server’s security. There really aren’t many reasons to have SSH root login enabled, and disabling it completely removes that attack vector.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

How To: Find Your Timezone In The Terminal

This article is about your system time, specifically how to find your timezone in the terminal. It shouldn’t be a very long article and it should be relatively easy and suitable for new Linux users.

Why would you want to find your timezone in the terminal? Well, for starters you may not have the proper time set and need to verify it. You may also be working with servers scattered across the globe and knowing the timezone may be important.

As you may need things synchronized, knowing the timezone could be important. Seeing as you’re not always able to access a GUI desktop, you might want to find your timezone in the terminal. So, to those end, this article will share a few ways to do so.

Find Your Timezone In The Terminal:

Obviously, this article requires an open terminal. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open. If you’re operating remotely, you probably already have a terminal open.

Anyhow, there are multiple ways to do this. For starters, you can just use the date command. It looks like this:

date

date

The output will have your timezone in it. For example, the output of that command on one of my boxes looks like:

$ date
Fri 08 Oct 2021 08:17:53 PM EDT

1 2	$ date Fri 08 Oct 2021 08:17:53 PM EDT

As you can see, the timezone is at the end. In my case, it’s “EDT” and that’s probably the easiest way to get the timezone information.

You can also use ‘timedatectl’ which looks like this:

timedatectl

1	timedatectl

That’ll give you the timezone and even tell you the adjustment from GMT. If you want, you can use grep with it.

timedatectl | grep "Time zone"

1	timedatectl \| grep "Time zone"

That will, of course, just output the line containing your timezone. Also, I have no idea why it’s two words. I know it as one word, but here we are and I suppose it’s just not that important.

I have one more way to find your timezone in the terminal and it’ll output your timezone in text. It’s just:

cat /etc/timezone

1	cat /etc/timezone

The output from that would look a little like this:

$ cat /etc/timezone
America/New_York

1 2	$ cat /etc/timezone America/New_York

So, there are a few ways. There are surely other ways, so feel free to leave a comment sharing them.

Closure:

And there you have it, another article. This one shares how to find your timezone in the terminal. It’s a relatively easy article to follow and not really a tool I expect most users to need. Still, it’s there if you need it and this article stands as a reference to it.

Install An FTP Server With VSFTPD

FTP stands for File Transfer Protocol and is still a useful, if less secure, and quick way to transfer files from one computer to another. If you’ve enabled SSH, then SFTP (SSH File Transfer Protocol) is likely available and it’s truly a better option than FTP. If SFTP is an option, you should probably use it.

There are still people who prefer FTP and situations where FTP makes sense. I actually use it to transfer files around my home network with some regularity. Not only does it let me transfer files, I can also use the FTP application to do things like rename files, copy and move files, and even change file permissions. It’s more about the application at that point, I suppose. Of course, most FTP clients handle SFTP just fine these days.

FTP isn’t all that secure and, again, SFTP is likely a better option in every way, but VSFTPD is “VS” – meaning “Very Secure.” I mean, that’s what they claim – and they do have some security configuration options. So, it has that going for it.

Either way, this article is gonna tell you how to install it. What you do with that information is entirely up to you! If you do eventually want to use this information, there are a couple of previous articles that might suit your needs.

You might need to know about hostnames. Click here.
You may wish to know your IP address. Click here.

With that information read and at hand, let’s jump into installing VSFTPD!

Enable FTP with VSFTPD:

The reason I picked VSFTPD for this is because it’s pretty much universally available. It’s there for all the major distros, readily available in your default repositories. We’re not going to get deep into any configuration options, nor are we even going to discuss securing it. We’re simply going to install it and let you loose on the world!

To that end, why don’t we crack open our terminal? To do that, you can just use your keyboard – press CTRL + ALT + T and your default terminal should open.

With that step done, let’s go ahead and install it:

Debian/Ubuntu:

sudo apt install vsftpd

1	sudo apt install vsftpd

Fedora/RHEL:

sudo dnf install vsftpd

1	sudo dnf install vsftpd

SEL/OpenSUSE:

sudo zypper install vsftpd

1	sudo zypper install vsftpd

Arch/Manjaro:

sudo pacman -S vsftpd

1	sudo pacman -S vsftpd

One of those should do the trick for the major distros. As much as I’d like to just leave it there, that’s not quite enough. I’ll also let you know that your configuration is largely done in /etc/vsftpd.conf and you can use man vsftpd.conf to learn about configuring your new FTP server.

For the configuration basics, you’ll want to enable writing to the server (so that you can change files, including uploading them) and you’ll likely want to enable local access. Like other configuration files, you may need to remove the # from the start of the lines in order for them to be read and take effect. To comment out lines, you just add a # to the start of the line and the line will be ignored.

You can use nano, vim, or any plain text editor you want to edit the files. However, changes won’t take effect until after you restart the FTP server’s daemon. To do that, you use this command:

sudo systemctl restart vsftpd

1	sudo systemctl restart vsftpd

With this done, you can connect to your FTP server by using the hostname or the IP address, internal or external. There are links at the first section of the article that tell you how to find that information, though the site’s search works just fine. See? I actually DID have a reason for posting those!

Again, SFTP is a much better option. I actually plan on doing an article about SFTP, but that article requires linking to this sort of article and so I might as well write it first!

Closure:

And there you have it… Yet another article in the books. If you’d like to do a guest article, you can just write it and I’ll do the rest! Every other day as a publishing schedule isn’t too bad, but a break would be fun. Either way, enjoy your new FTP server and good luck!

How To: Disable Sleep And Hibernation on Ubuntu Server

For some reason, Ubuntu Server comes with ‘power management’ enabled. This is an article that tells you how to disable sleep and hibernation in Ubuntu Server. It’ll work just fine for non-server installs, but this is aimed specifically at the Ubuntu Server release.

I recently was working on my own router. For this, I used Ubuntu Server as the base operating system. For some reason, it was shutting itself down after periods of inactivity. This isn’t acceptable behavior for a device that’s meant to be running all the time.

I checked in my logs and I found entries like this one:

Apr 3 12:18:27 server systemd[1]: Reached target Sleep.

That was entirely unacceptable. I do not know why power management was installed, nor do I know why it was active by default. I merely know that it was and that I couldn’t have that behavior with a server, a device meant to be always powered on.

So, I did what anyone would do in my shoes. I disabled sleep and hibernation entirely. It’s quick and easy – and effective! I’ll show you how!

Disable Sleep/Hiberation:

Like most articles, you’re gonna need a terminal. If it’s actually a server, you’re likely already able to connect with SSH. So, add the step of connecting to the server if you’re doing this remotely. If not, just proceed.

Once you have your terminal open, you’re to kill everything that has to do with suspend, sleep, or hybrid-sleep. It’s actually pretty easy. Start by opening said terminal, by pressing CTRL + ALT + T and then enter the following commands:

First, you mask ‘sleep.target‘:

sudo systemctl mask sleep.target

1	sudo systemctl mask sleep.target

Then mask ‘suspend.target‘:

sudo systemctl mask suspend.target

1	sudo systemctl mask suspend.target

And mask ‘hibernate.target‘:

sudo systemctl mask hibernate.target

1	sudo systemctl mask hibernate.target

Finally, mask ‘hybrid-sleep.target‘:

sudo systemctl mask hybrid-sleep.target

1	sudo systemctl mask hybrid-sleep.target

Later, should you change your mind, you can unmask them and that’ll enable them again. Just change ‘mask’ to ‘unmask’ and run the commands again. See? Pretty easy!

If you want, you can verify the efficacy. Simply use the following:

systemctl status sleep.target

1	systemctl status sleep.target

(You can change ‘sleep.target’ to one of the above services and check them individually.)

Closure:

That’s it! I told you that it’d be pretty easy. It’s not only easy, it’s easy to undo this should you change your mind. Again, I do not know why power management is enabled by default in a server release. Nobody asked me! So, that’s how you disable sleep and hibernation with Ubuntu. (It’ll surely work with other distros.)

Thanks for reading! If you want to help, you can donate, write an article, vote for articles you like, share this article on social media, buy cheap hosting, register to help, etc… Nobody ever reads the last paragraph anyhow. Still, you can help if you want!

Update 01.27.2020 Per comment.