CompTIA Linux+ (XK0-005) — Question 121

To harden one of the servers, an administrator needs to remove the possibility of remote administrative login via the SSH service. Which of the following should the administrator do?

Answer options

• A. Add the line DenyUsers root to the /etc/hosts.deny file.
• B. Set PermitRootLogin to no in the /etc/ssh/sshd_config file.
• C. Add the line account required pam_nologin. so to the /etc/pam.d/sshd file.
• D. Set PubKeyAuthentication to no in the /etc/ssh/ssh_config file.

Correct answer: B

Explanation

The correct answer is B because setting PermitRootLogin to no in the /etc/ssh/sshd_config file directly disables root login via SSH, enhancing security. Option A only restricts the root user from connecting but does not affect other users, while option C limits account access but is not specific to SSH remote login. Option D addresses key-based authentication, which does not prevent SSH login entirely.