Which of the following command lines should Kevin use to change the #PermitRootLogin yes line to disable password-based remote logins?

Kevin Ryan has been working as a cloud security engineer over the past 2 years in a multinational company, which uses AWS-based cloud services. He launched an EC2 instance with Amazon Linux AMI. By disabling password-based remote logins, Kevin wants to eliminate all possible loopholes through which an attacker can exploit a user account remotely. To disable password-based remote logins, using the text editor, Kevin opened the /etc/ssh/sshd_config file and found the #PermitRootLogin yes line.

Which of the following command lines should Kevin use to change the #PermitRootLogin yes line to disable password-based remote logins?
A . PermitRootLogin without-password
B . PermitRootLogin without./password/disable
C . PermitRootLogin without./password
D . PermitRootLogin without-password/disable

View Answer

Answer: A

Explanation:

To disable password-based remote logins for the root account on an EC2 instance running Amazon Linux AMI, Kevin should modify the SSH configuration as follows:

Open SSH Configuration: Using a text editor, open the /etc/ssh/sshd_config file.

Find PermitRootLogin Directive: Locate the line #PermitRootLogin yes. The # indicates that the line is commented out.

Modify the Directive: Change the line to PermitRootLogin without-password. This setting allows root login using authentication methods other than passwords, such as SSH keys, while disabling password-based root logins.

Save and Close: Save the changes to the sshd_config file and exit the text editor.

Restart SSH Service: To apply the changes, restart the SSH service by running sudo service sshd restart or sudo systemctl restart sshd, depending on the system’s init system.

Reference: The PermitRootLogin without-password directive in the SSH configuration file is used to enhance security by preventing password-based authentication for the root user, which is a common target for brute force attacks. Instead, it requires more secure methods like SSH key pairs for authentication. This change is part of best practices for securing SSH access to Linux servers.