You can configure permissions of users for logging in to a BMS based on the user type. Select the type of the account for logging in to the BMS.
Allowing user root to log in to the BMS remotely has potential security risks. Exercise caution before performing the operations.
Take CentOS 6.7 for example. Modify the following parameters:
users: - name: root lock_passwd: false disable_root: 0 ssh_pwauth: 1
Change the value of PasswordAuthentication to yes.
Add !! to the hash value of the user root password. The modified file content is as follows:
# cat /etc/shadow | grep root root:!!$6$SphQRPXu$Nvg6izXbhDPrcY3j1vRiHaQFVRpNiV3HD/bjDgnZrACOWPXwJahx78iaut1IigIUrwavVGSYQ1JOIw.rDlVh7.:17376:0:99999:7:::
For Ubuntu, you must delete the user created during the OS installation. For example, if the created user is ubuntu, run the userdel -rf ubuntu command.
By modifying this configuration item, you can enable the system to remind users of changing the password when they log in to the BMS for the first time. This helps enhance the BMS security. To modify this configuration item, perform the following operations:
/etc/motd is the directory that stores the prompts displayed after login to Linux.
Please update the password for root regularly and ensure the complexity of the password.
The value of parameter PASS_MAX_DAYS indicates the password validity period.
chage -M 99999 user_name
99999 is the validity period of the password, and user_name is a system user.
You are advised to set the password validity period as needed and change it on a regular basis.