Linux - System Preferences - Disable Remote Root Login (PermitRootLogin)

Disables SSH root login on Linux systems.

Worklet Details

Introduction to the Bash-Based Disable Remote Root Login Worklet

The Disable Remote Root Login Worklet is a utility for Linux systems that checks whether the root user has direct SSH access enabled and disables it if necessary. This Worklet provides an additional layer of security by ensuring that only authorized users can access critical system resources.

By using this Worklet, administrators can easily prevent unauthorized users from gaining root access via SSH, thereby minimizing potential vulnerabilities and risks.

Why would you use the Disable Remote Root Login Worklet?

System administrators may want to disable remote root login as a security best practice. Providing remote root access increases the chances of unauthorized users exploiting vulnerabilities or guessing the root password.

Instead, it's recommended to use a normal user account with sudo privileges for administrative tasks, which offers better access control and auditing capabilities. The Disable Remote Root Login Worklet provides an automated way to enforce this policy on your Linux systems.

Components of the Disable Remote Root Login Worklet

This Worklet comprises two main scripts: evaluation.sh and remediation.sh. The evaluation script checks whether PermitRootLogin is disabled in the SSH daemon configuration file (/etc/ssh/sshd_config). If it detects that remote root login is enabled or that the setting has an empty value, the script schedules remediation.

The remediation script modifies the SSH daemon configuration file by setting PermitRootLogin to "no" and safely restarts the sshd service if there are no configuration errors. This ensures that changes take effect immediately without causing any disruptions to existing SSH connections.

How does the Disable Remote Root Login Worklet work?

When executed, the Disable Remote Root Login Worklet first checks if /etc/ssh/sshd_config exists on your Linux system. If not found, it exits gracefully with a message indicating that your device is not eligible for this Worklet.

If found, it looks for "PermitRootLogin" in the SSH daemon configuration file and verifies whether it is set to "no". If not, the script schedules remediation. During the remediation phase, the script disables PermitRootLogin by setting it to "no" and attempts to restart the sshd service.
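
The evaluation and remediation flow described above, sketched as an added example; it is not the Worklet's own evaluation.sh or remediation.sh. The function names, the return codes, the `.bak` backup and the choice to write the directive as the first line of the file are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; function names and the .bak backup are assumptions.

# Print the first global PermitRootLogin value (lowercased), or nothing if unset.
# sshd uses the first value it obtains for a keyword, and Match blocks apply
# only conditionally, so parsing stops at the first Match line.
root_login_value() {
    awk '{ sub(/=/, " ") }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Evaluation: 0 = compliant, 1 = schedule remediation, 2 = device not eligible.
evaluate() {
    [ -f "$1" ] || return 2
    [ "$(root_login_value "$1")" = "no" ]
}

# Remediation: comment out every active PermitRootLogin line (Match blocks
# included), write "PermitRootLogin no" as the first line so it also precedes
# any Include, validate, and restore the backup if validation fails.
# $2 is the validation command (default "sshd -t -f"); restarting sshd is
# left to the caller.
remediate() {
    cfg=$1
    check=${2:-sshd -t -f}
    cp -p "$cfg" "$cfg.bak" || return 1
    {
        echo "PermitRootLogin no"
        awk '{ k = $0; sub(/^[ \t]+/, "", k)
               if (tolower(k) ~ /^permitrootlogin[ \t=]/) print "# " $0; else print }' "$cfg.bak"
    } > "$cfg"
    if ! $check "$cfg"; then
        cp -p "$cfg.bak" "$cfg"
        return 1
    fi
}
```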

What is the expected outcome when you use the Disable Remote Root Login Worklet?

When you use the Disable Remote Root Login Worklet, you can expect that direct SSH access for the root user will be disabled on your Linux system. This helps enhance security by preventing unauthorized root access through SSH connections.

As a result, only normal users with sudo privileges will be able to perform administrative tasks using the sudo command. This approach provides better access control and reduces potential threats associated with allowing direct SSH access to the root account.

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.