Disabling Remote Logins of the Root User
- For security purposes, log in as the globalcacheop user, rather than as the root user, to perform O&M operations.
- Remove the restriction that forbids common users to use the su command.
vi /etc/pam.d/su
Use the comment tag (#) to comment out the line in the red box.
- Disable the remote login of the root user.
1vi /etc/ssh/sshd_configChange the value of PermitRootLogin to no.
- Run the following command to restart the SSHD service to make the configuration take effect:
1systemctl restart sshd.service
- Change the validity period of the O&M account password to 90 days.
1passwd -x 90 globalcacheop
Set the number of days for generating an alarm before the O&M account expires to 7.
1passwd -w 7 globalcacheop
Enable the O&M account password to be changed within 35 days after it expires.
1passwd -i 35 globalcacheop
- Remove the restriction that forbids common users to use the su command.
Parent topic: Configuring Security