The purpose of limiting the remote login of root users is to leave it alone. The following are several methods: Method 1: Modify the/etc/ssh/sshd_config file and change PermitRootLogin to no, then restart the ssh service. /Etc/rc. d/sshd restart Method 2: In the/etc/default/login file, add a line of setting command: CONSOLE =/dev/tty01 to take effect immediately and no need to reboot. In the future, users can only log on to the console (/dev/tty01) as root, thus limiting root remote logon. However, root logon is also restricted, it brings a lot of inconvenience to the Administrator's daily maintenance work. Www.2cto.com method 3: 1. to restrict root remote logon, you must first determine which users are remote users (that is, whether to perform telnet logon through another Windows or UNIX System) and which users are LAN users. Use the following shell program to achieve this goal. TY = 'tty | cut-B 9-12 'wh = 'finger | cut-B 32-79 | grep "$ TY" | cut-B 29-39 'KK = 'tty | cut- B 6-9 'If ["$ KK" = "ttyp"] Then WH = $ WH Else WH = "local" Fi above the Shell command program, WH is the Host IP address of the logon user. If the ing between the IP address and the host name is defined in the/etc/hosts file, WH is the host name of the logon user. Assume that the IP address of the terminal server connected to the LAN is 99.57.32.18, add a line in the/etc/hosts file: www.2cto.com 99.57.32.18 terminal_server. All terminal servers connected to the host through the 99.57.32.18 terminal servers, WH is the same value, that is, the terminal server name terminal_server. 2. In the root. profile file, different processing is performed based on the WH value, thus limiting root remote login. Trap 1 2 3 9 15 If ["$ WH" = "local"-o "$ WH" = "terminal_server"] Then Echo "Welcome ...... "Else Exit Fi method 4: Sometimes, for the convenience of work, some computers in the LAN are allowed to log on as the root user. For example, to allow the root user to log on to a computer whose IP address is 99.57.32.58, in the preceding method, we need to add two points: 1. in the/etc/hosts file, add a line: 99.57.32.58 xmh. 2. in the preceding Shell section, modify www.2cto.com If ["$ WH" = "local"-o "$ WH" = "terminal_server"]: if ["$ WH" = "local"-o "$ WH" = "terminal_server"-o "$ WH" = "xmh"] Method 5: After the above processing, there is still the possibility of using the su command to become a root user after a common user logs on, thus achieving the root remote login goal. To prevent remote root logon using this method, you must restrict normal users from executing the su command: 1. Change the su command owner to root; 2. Change the su command permission to 700 author comexpert.