Disabling root user login

A few years ago, there was a somewhat celebrated case where malicious actors managed to plant malware on quite a few Linux servers somewhere in Southeast Asia. There were three reasons that the bad guys found this so easy to do:

  • The internet-facing servers involved were set up to use username/password authentication for SSH.
  • The root user was allowed to log in through SSH.
  • User passwords, including the root user's password, were incredibly weak.

All this meant that it was easy for Hail Mary to brute-force its way in.

Different distributions have different default settings for root user login. In the /etc/ssh/sshd_config file of your CentOS machine, you'll see this line:

#PermitRootLogin yes

Unlike what you have in most configuration files, the commented-out lines in sshd_config document the built-in default settings of the Secure Shell daemon: a commented-out keyword is still in effect, because that value is what sshd uses whenever the keyword is not set explicitly. So, this line indicates that the root user is indeed allowed to log in through SSH. To change that, I'll remove the comment symbol and change the setting to no:

PermitRootLogin no

To make the new setting take effect, I'll restart the SSH daemon, which is named sshd on CentOS and ssh on Ubuntu. A restart only re-reads the configuration; sessions that are already open stay connected, so keep your current session open until you have confirmed that a fresh login with a normal user account still works:

sudo systemctl restart sshd

On the Ubuntu machine, the default setting looks a bit different:

PermitRootLogin prohibit-password

This means that the root user is allowed to log in, but not with a password: password and keyboard-interactive authentication are refused for root, so only public key authentication (or another non-password method) will work. This is probably secure enough if you really need to allow the root user to log in. But in most cases, you'll want to force admin users to log in with their normal user accounts and use sudo for their admin needs. So, in most cases, you still want to change this setting to no.

Be aware that if you deploy a Linux instance on a cloud service, such as Rackspace or Vultr, the service owners will have you log into the VM with the root user account. The first thing you'll want to do is create your own normal user account with sudo rights, log back in with that account and confirm that sudo works, lock the root account's password (rather than deleting the account, which other system components depend on), and disable the root user login in sshd_config. Do the steps in that order: if you disable root login before you have verified the new account, you can lock yourself out of the instance. Microsoft Azure is one exception to this rule because it automatically creates a non-root user account for you.
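The procedure above, from editing sshd_config through restarting the daemon and locking the root account, is collected here as an added example script that is not part of the book. It assumes a CentOS- or Ubuntu-style system where the unit is named sshd or ssh, a stock sshd_config with no Match blocks (a directive appended after a Match block would belong to that block), and that the admin account already has an authorized_keys file, since the script also turns off password authentication, which was the first of the three weaknesses listed at the start of this section. The function and variable names are my own.

```bash
#!/usr/bin/env bash
# Added example (not from the book): disable root and password logins for
# sshd on CentOS or Ubuntu without locking yourself out.
set -eu

SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"

# set_sshd_option FILE KEY VALUE
# Rewrites every "KEY ..." line, commented or not, as "KEY VALUE", or appends
# the directive if the keyword never appears. sshd honours the FIRST value it
# sees for a keyword, so a stale uncommented line earlier in the file must not
# be left behind to shadow the new one. Assumes no Match blocks in FILE.
set_sshd_option() {
    local file=$1 key=$2 value=$3
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}[[:space:]]" "$file"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sshd_option FILE KEY
# Prints the value in effect for KEY, following the rule the text describes:
# an active (uncommented) directive wins; otherwise the commented "#KEY value"
# line in the stock file documents the compiled-in default, so report that.
get_sshd_option() {
    local file=$1 key=$2 line
    line=$(grep -E "^[[:space:]]*${key}[[:space:]]" "$file" | head -n 1 || true)
    if [ -z "$line" ]; then
        line=$(grep -E "^[[:space:]]*#[[:space:]]*${key}[[:space:]]" "$file" | head -n 1 || true)
    fi
    printf '%s\n' "$line" | sed -E 's/^[[:space:]]*#?[[:space:]]*//' | awk '{print $2}'
}

# apply_hardening ADMIN_USER   (run as root)
# Creates ADMIN_USER with sudo rights if missing, refuses to continue unless
# that user can log in with a key, then disables root and password logins,
# validates the config, restarts the correct service and locks root's password.
apply_hardening() {
    local admin=$1 svc
    if ! id "$admin" >/dev/null 2>&1; then
        useradd -m -s /bin/bash "$admin"
        # wheel is the sudo group on CentOS, sudo on Ubuntu
        if getent group wheel >/dev/null; then
            usermod -aG wheel "$admin"
        else
            usermod -aG sudo "$admin"
        fi
    fi
    if [ ! -s "/home/$admin/.ssh/authorized_keys" ]; then
        echo "refusing: $admin has no authorized_keys; add a key and test a login first" >&2
        return 1
    fi
    cp -a "$SSHD_CONFIG" "${SSHD_CONFIG}.bak.$(date +%s)"
    set_sshd_option "$SSHD_CONFIG" PermitRootLogin no
    set_sshd_option "$SSHD_CONFIG" PasswordAuthentication no
    # A syntax error would leave sshd unable to start after the restart,
    # so check the file before touching the running daemon.
    sshd -t -f "$SSHD_CONFIG"
    if systemctl cat sshd.service >/dev/null 2>&1; then svc=sshd; else svc=ssh; fi
    systemctl restart "$svc"
    # Lock (do not delete) the root account's password.
    passwd -l root
    echo "root SSH login disabled; restarted $svc; now verify a new login as $admin"
}

# Only modify the live system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    apply_hardening "${2:?usage: $0 --apply ADMIN_USER}"
fi
```

Run it as `sudo ./harden-sshd.sh --apply yourname` from a session you keep open, then open a second terminal and confirm that `ssh yourname@host` works and `ssh root@host` is refused before you log out. Note that on recent Ubuntu releases the stock sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, and because sshd keeps the first value it reads, a drop-in there overrides anything later in the main file; `sudo sshd -T | grep -i permitrootlogin` shows the value actually in effect.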

You'll be able to practice this in just a few moments, in the next section.
