Matikan Akses SSH Root
/var/log/auth.log coba cek log siapa saja yang mencoba masuk kedalam server melalui SSH.
Nov 2 21:09:56 mars sshd[29617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56 user=root Nov 2 21:09:58 mars sshd[29617]: Failed password for root from 119.188.3.56 port 53661 ssh2 Nov 2 21:10:02 mars sshd[29619]: Invalid user abuse from 119.188.3.56 Nov 2 21:10:02 mars sshd[29619]: pam_unix(sshd:auth): check pass; user unknown Nov 2 21:10:02 mars sshd[29619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56 Nov 2 21:10:04 mars sshd[29619]: Failed password for invalid user abuse from 119.188.3.56 port 55378 ssh2 Nov 2 21:10:08 mars sshd[29621]: Invalid user ac from 119.188.3.56 Nov 2 21:10:08 mars sshd[29621]: pam_unix(sshd:auth): check pass; user unknown Nov 2 21:10:08 mars sshd[29621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.188.3.56 Nov 2 21:10:10 mars sshd[29621]: Failed password for invalid user ac from 119.188.3.56 port 56595 ssh2
Matikan SSH --> nano /etc/ssh/sshd_config PermitRootLogin no Buat user dengan nama se alay mungkin tapi mudah diingat.
usermod -G wheel alay321 usermod -G sudo alay321
-wheel untuk RHEL -sudo untuk DEB Tambahkan baris ini: di DEB:
%sudo ALL=(ALL) ALL |
di Redhat:
%wheel ALL=(ALL) ALL Test dengan login ke Server dengan SSH user alay321. setelah itu jadikan root dengan perintah.
sudo -i
ibolobolo blog 