How to Harden a Linux Server: SSH, User Management, and Sudo Tweaks
This guide walks through practical steps to secure a Linux server, including modifying SSH settings, disabling ping responses, managing users and groups, protecting critical account files, creating new users, and configuring sudo or UID changes to control root access.
Modify SSH login configuration
Open the SSH daemon configuration file and adjust several settings to improve security.
vim /etc/ssh/sshd_config
# Change the listening port (e.g., to 10000)
Port 10000
# Use only protocol 2
Protocol 2
# Disallow direct root login
PermitRootLogin no
# Disallow empty passwords
PermitEmptyPasswords no
Restart the SSH service to apply the changes:
service sshd restart
Disable ICMP echo (ping) responses
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
The default value is 0, which means the server replies to ping requests.
User management basics
cat /etc/passwd # list users
cat /etc/group # list groups
who # current logged‑in user
last # login history
Remove unnecessary default accounts and groups to reduce the attack surface.
userdel sync
userdel shutdown
# other unnecessary users: halt uucp operator games gopher
groupdel adm
groupdel games
# other unnecessary groups: lp dip
Protect critical account files
Set the immutable attribute (+i) on the main account files so they cannot be modified until the attribute is removed, which requires root privileges.
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
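chattr +i /etc/gshadow
To revert the change, replace +i with -i and rerun the commands. Do this before adding users or changing passwords, since those commands need to write to these files.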
Create a new user
adduser username
passwd username # set password
Regular users should only have full permissions in their own home directories; privileged actions require sudo.
chmod -v u+w /etc/sudoers # temporarily allow editing
# add a line for the new user, then
chmod -v u-w /etc/sudoers # restore read‑only
Grant root privileges
Method 1: Uncomment the %wheel ALL=(ALL) ALL line in /etc/sudoers and add the user to the wheel group.
Method 2 (recommended): Add explicit entries for root and the new user:
# Allow root to run any command
root ALL=(ALL) ALL
uusama ALL=(ALL) ALL
After editing, the user can obtain a root shell with sudo -s or su -.
Method 3: Change the user’s UID to 0 in /etc/passwd:
uusama:x:500:500:tommy:/home/uusama:/bin/bash
# change UID to 0
uusama:x:0:500:tommy:/home/uusama:/bin/bash
Logging in with this account provides root privileges directly.
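As an added example (not part of the original article), the shell functions below check a copy of sshd_config for the PermitRootLogin and PermitEmptyPasswords values set above and list every non-root account with UID 0, which is what Method 3 produces. The function names and sample files are constructed for illustration; on a live host, sshd -T prints the daemon's effective configuration.

```shell
#!/bin/sh
# Added example: read-only checks for settings from this guide.
# Paths are arguments so the checks can run against copies of the files.

# Print the global value of an sshd_config keyword. Keywords are
# case-insensitive and the first occurrence wins; lines after a Match
# block are conditional, so parsing stops there. Include files are not
# followed (assumption: a single-file config in "Keyword value" form).
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/  { next }
        { key = tolower($1) }
        key == "match"  { exit }
        key == want     { print $2; exit }
    ' "$1"
}

# Print one line per deviation from the values the guide sets.
audit_sshd() {  # usage: audit_sshd FILE
    root=$(sshd_value "$1" PermitRootLogin)
    empty=$(sshd_value "$1" PermitEmptyPasswords)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin=${root:-unset} (guide: no)"
    fi
    if [ "$empty" = "yes" ]; then
        echo "PermitEmptyPasswords=yes (guide: no)"
    fi
}

# Print every non-root account whose UID is 0, i.e. the result of Method 3.
extra_uid0() {  # usage: extra_uid0 PASSWD_FILE
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Constructed sample files, not taken from a real host.
make_samples() {  # usage: make_samples DIR
    printf '%s\n' '# sample' 'Port 10000' 'permitrootlogin yes' \
        'PermitRootLogin no' 'Match User backup' \
        '    PermitEmptyPasswords yes' > "$1/sshd_config"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'uusama:x:0:500:tommy:/home/uusama:/bin/bash' \
        'www:x:501:501::/home/www:/sbin/nologin' > "$1/passwd"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_sshd "$tmp/sshd_config"   # the earlier lowercase "yes" line wins
extra_uid0 "$tmp/passwd"        # lists uusama
rm -rf "$tmp"
```

The sample config shows why a later "PermitRootLogin no" is not enough when an earlier line already sets the keyword.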
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)