0

I want my server to not allow root login. For this I want to set the PermitRootLogin to No (in the SSH daemon config), but before doing that I want to make sure I can switch to root from another user account with sudo su -.

The problem is that I reset the password for account admin and then, when I tried to to sudo su -, it gives me a message: password incorrect, but the password is the correct one (the new one).

What could be the problem?? I already checked the account is not blocked.

Kusalananda
  • 333,661
user3105533
  • 53
  • 1
    Welcome to UNIX.stackexchange.com! Your question could use a little clarification. Do you mean you want to deny root login via SSH (I assume so because PermitRootLogin is the parameter name in sshd_config). You say you reset the password for account 'admin'...is this a regular user account you created? When you changed the 'admin' account password, did you start a new terminal/session and try to use sudo in the new session? – 0xSheepdog May 27 '17 at 18:02
  • Use sudo su - – AlexP May 27 '17 at 21:00
  • @AlexP See http://unix.stackexchange.com/questions/218169/is-there-ever-a-good-reason-to-run-sudo-su – Kusalananda May 27 '17 at 21:12
  • @Kusalananda: Yes I know. It was an attempt to accomodate OP's desire to use su -. – AlexP May 27 '17 at 21:14

1 Answers1

2

sudo will ask for the password of the user invoking sudo, not for the root account password. You also need to make sure that the user using sudo is allowed to do so in the sudoers file, by either allowing a group that the user is a member of to sudo, or by allowing the user directly to sudo, with or without entering a password.

On some Linuxes there is a sudo group that one may put users into, with a preset config line in the sudoers file (possibly commented out by default).

See also "Is there ever a good reason to run sudo su?" for alternatives to the somewhat cumbersome sudo su -.

Kusalananda
  • 333,661