A systems administrator is hardening a new Linux server according to security best practices. The security policy requires that the root user cannot log in directly using a password but must be able to log in using SSH key-based authentication for emergency maintenance. Which configuration should the administrator set in the /etc/ssh/sshd_config file to meet this requirement?
The correct setting is PermitRootLogin prohibit-password. This directive in the sshd_config file specifically disables password and keyboard-interactive authentication for the root user while still allowing other authentication methods like public key authentication.
PermitRootLogin no would be incorrect as it completely disables root login via SSH, which violates the requirement to allow key-based login for emergencies.
PermitRootLogin yes is incorrect because it would allow root login using any method, including passwords, which is against the stated security policy.
PermitRootLogin forced-commands-only is also incorrect in this scenario. While it does use key-based authentication, it restricts the root user to only executing specific commands defined in the authorized_keys file and does not grant an interactive shell, which would likely be needed for 'emergency maintenance'.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is SSH key-based authentication preferred over password authentication?
Open an interactive chat with Bash
What other changes should be made in `sshd_config` to improve security further?
Open an interactive chat with Bash
What is the purpose of the `authorized_keys` file in SSH?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access