openbsd 禁止root远程登陆

1、增加普通用户.

adduser test

# adduser
Use option ``-silent'' if you don't want to see all warnings and questions.
Reading /etc/shells
Reading /etc/login.conf
Check /etc/master.passwd
Check /etc/group
Ok, let's go.
Don't worry about mistakes. I will give you the chance later to correct any input.
Enter username []: testuser
Enter full name []: Test FAQ User
Enter shell csh ksh nologin sh [sh]: ksh
Uid [1002]: Enter
Login group testuser [testuser]:test
Login group is ``guest''. Invite testuser into other groups: guest no 
[no]: no
Login class auth-defaults auth-ftp-defaults daemon default staff 
[default]: Enter
Enter password []: Type password, then Enter
Enter password again []: Type password, then Enter
Name:        testuser
Password:    ****
Fullname:    Test FAQ User
Uid:         1002
Gid:         31 (guest)
Groups:      guest
Login Class: default
HOME:        /home/testuser
Shell:       /bin/ksh
OK? (y/n) [y]: y
Added user ``testuser''
Copy files from /etc/skel to /home/testuser
Add another user? (y/n) [y]: n
Goodbye!

2、修改/etc/group

在wheel组中修改为

wheel:*:0:root,test

为了用test登录后,使用su切换到root

3、备份sshd_config

生产机器禁止ROOT远程SSH登录：

    #vi /etc/ssh/sshd_config

把#PermitRootLogin yes 修改为PermitRootLogin no  

去了"#".yes改为no.

保存 。

重启sshd。

再试用root远程登录。

不能登录。OK！