Boost Your Server Security: Essential SSH, User, and Root Hardening Steps
This guide walks you through practical steps to secure a newly purchased Linux server, covering SSH configuration changes, disabling ping responses, thorough user and group management, creating new accounts, and three reliable methods to grant root privileges safely.
After buying a server, a security breach caused by misconfiguration can be disastrous, so this article presents straightforward techniques to harden a Linux server.
Modify SSH login configuration
Edit the SSH daemon configuration file and adjust key settings:
vim /etc/ssh/sshd_config
# Change the following items
# Use a port above 10000 to reduce scanning attacks
Port 10000
# Disable the insecure SSH-1 protocol
Protocol 2
# Disallow direct root login; use a normal account, then su
PermitRootLogin no
# Disallow logins with empty passwords
PermitEmptyPasswords no
After saving, restart the SSH service:
service sshd restart
Disable all ping (ICMP echo) responses
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
The default value is 0, which allows ping replies.
User management
Basic commands to inspect accounts and groups:
cat /etc/passwd # List users
cat /etc/group # List groups
who # Show currently logged‑in users
last # Show login history
Remove unnecessary default accounts and groups to reduce attack surface:
userdel sync
userdel shutdown
# Additional unwanted users: sync, shutdown, halt, uucp, operator, games, gopher
groupdel adm
groupdel games
# Additional unwanted groups: adm, lp, games, dip
Protect the critical account files by making them immutable:
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
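chattr +i /etc/gshadow
To revert, replace +i with -i and run the same commands. While the flag is set, commands that write to these files (adduser, passwd, usermod, userdel) fail, so remove it before managing accounts and set it again afterwards.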
Create a new user
adduser username # Create user
passwd username # Set password
Regular users have full rights only in their home directories; privileged actions require sudo. The sudoers file is read-only by default.
Grant root privileges
Method 1: Edit /etc/sudoers, uncomment the line %wheel ALL=(ALL) ALL, then add the user to the wheel group:
usermod -aG wheel uusama
Method 2 (recommended): Add explicit entries for root and the user:
## Allow root to run any command anywhere
root ALL=(ALL) ALL
uusama ALL=(ALL) ALL
After saving, log in as uusama and run sudo -s to obtain a root shell.
Method 3: Change the user’s UID to 0 in /etc/passwd:
uusama:x:500:500:tommy:/home/uusama:/bin/bash
# Change to
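uusama:x:0:500:tommy:/home/uusama:/bin/bash
Logging in as uusama now provides root privileges directly. Because the kernel treats any UID 0 account as root, every command uusama runs is then fully privileged, with no sudo prompt or sudo log entry.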
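A read-only audit of the settings changed above, as an added example that is not part of the original article. The function names and sample files are constructed for illustration. It relies on the sshd_config rule that the first value read for a keyword wins, so a "PermitRootLogin no" appended below an earlier "yes" has no effect.

```shell
#!/bin/sh
# Added example: read-only audit of the settings this guide changes.
# Function names and the sample files are constructed for illustration.

# Effective global value of an sshd_config keyword. sshd uses the FIRST value
# it reads for a keyword, and keywords are case-insensitive. Assumes
# whitespace-separated "Keyword value" lines; Include files are not followed.
sshd_setting() {  # usage: sshd_setting FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0       { next }   # comment or blank line
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# One line per finding; no output means the file matches the guide.
audit_sshd() {  # usage: audit_sshd FILE
    v=$(sshd_setting "$1" PermitRootLogin)
    [ "$v" = "no" ] || echo "PermitRootLogin=${v:-unset} (want no)"
    v=$(sshd_setting "$1" PermitEmptyPasswords)
    [ "${v:-no}" = "no" ] || echo "PermitEmptyPasswords=$v (want no)"
}

# Accounts other than root that carry UID 0 (the result of Method 3).
uid0_accounts() {  # usage: uid0_accounts PASSWD_FILE
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Default accounts from the guide's removal list that still exist.
leftover_accounts() {  # usage: leftover_accounts PASSWD_FILE
    awk -F: -v list="sync shutdown halt uucp operator games gopher" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) drop[a[i]] = 1 }
        $1 in drop { print $1 }' "$1"
}

# Constructed sample input: the "no" was appended below an earlier "yes".
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Port 10000' 'permitrootlogin yes' \
    'PermitRootLogin no' 'PermitEmptyPasswords no' > "$SAMPLE_DIR/sshd_config"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'games:x:12:100:games:/usr/games:/sbin/nologin' \
    'uusama:x:0:500:tommy:/home/uusama:/bin/bash' > "$SAMPLE_DIR/passwd"

audit_sshd "$SAMPLE_DIR/sshd_config"
echo "extra UID 0: $(uid0_accounts "$SAMPLE_DIR/passwd")"
echo "leftover:    $(leftover_accounts "$SAMPLE_DIR/passwd")"
```

To check a live system, pass /etc/ssh/sshd_config and /etc/passwd to the same functions; none of them writes to its input.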
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
