disable root login on console
5,498
Solution 1
This will disable the root account on debian (not sure about cent os):
sudo passwd -l root
Solution 2
1) Activate the pam_access module on /etc/pam.d/login adding on the first 'account' line --> "account required pam_access.so"
2) Configure the access on /etc/security/access.conf :
3) +:root:cron crond [To avoid " pam_access(crond:account): access denied for user root' from
cron'" and "crontab: pam_access(crond:account): access denied for user root' from
cron'"]
-:root:LOCAL
Related videos on Youtube
Author by
Sagar Shinde
Updated on September 18, 2022Comments
-
Sagar Shinde over 1 year
How to disable root login on console on debian and cent os 6. I have tried truncating /etc/securetty but it will disable all the users. I want to disable only root login through console.
-
ilkkachu about 7 yearsDepends a bit on how you want to be able to login as root afterwards. Directly to the root account with SSH? Using a password or a key? Or do you just want to use
su
orsudo
? -
Andrew Henle about 7 yearsBe careful - if all your non-root logins are not local to the machine (LDAP, for example), be sure that you still have some form of local login that would allow you to login to the machine no matter what. For example, if the only accounts you can log onto the machine directly are are LDAP-based accounts and the machine's network card fails, you might be unable to login at all if you don't have a purely local login available.
-
-
hyph about 7 yearsmight as well add this answer (the accepted one) from serverfault with setting /bin/false as shell for root (it's an OS agnostic solution). Not the part about ssh.