{"id":269,"date":"2025-11-21T09:12:14","date_gmt":"2025-11-21T09:12:14","guid":{"rendered":"https:\/\/adveyer.com\/blog\/?p=269"},"modified":"2025-11-21T09:12:14","modified_gmt":"2025-11-21T09:12:14","slug":"linux-sunucularda-root-erisimi-acma","status":"publish","type":"post","link":"https:\/\/adveyer.com\/blog\/linux-sunucularda-root-erisimi-acma\/","title":{"rendered":"Linux Sunucularda Root Eri\u015fimi A\u00e7ma \u2013 G\u00fcvenli Root Login Rehberi"},"content":{"rendered":"<p>Linux sunucularda <strong>root<\/strong>, sistemin en yetkili kullan\u0131c\u0131s\u0131d\u0131r.<br \/>\nT\u00fcm dosyalara eri\u015febilir, t\u00fcm servisleri y\u00f6netebilir, her \u015feyi silebilir veya yeniden olu\u015fturabilir.<br \/>\nTam da bu y\u00fczden pek \u00e7ok da\u011f\u0131t\u0131mda <strong>root ile do\u011frudan SSH ba\u011flant\u0131s\u0131 kapal\u0131 gelir<\/strong> ve sudo kullan\u0131m\u0131 te\u015fvik edilir.<\/p>\n<p>Yine de baz\u0131 durumlarda (ilk kurulum, otomasyon, y\u00f6netim panelleri vb.) <strong>root eri\u015fimini a\u00e7ma<\/strong> ihtiyac\u0131 do\u011fabilir.<br \/>\nBu yaz\u0131da, hem <strong>SSH \u00fczerinden root login a\u00e7ma<\/strong>, hem de <strong>root hesab\u0131na \u015fifre verme\/aktif etme<\/strong> ad\u0131mlar\u0131n\u0131 anlataca\u011f\u0131z.<br \/>\nAyr\u0131ca bunu yaparken dikkat etmen gereken <strong>g\u00fcvenlik \u00f6nlemlerine<\/strong> de \u00f6zellikle de\u011finece\u011fiz.<\/p>\n<blockquote><p>\u26a0\ufe0f Uyar\u0131: Root eri\u015fimini a\u00e7mak her zaman risklidir. M\u00fcmk\u00fcnse <strong>sudo<\/strong> kullan ve root SSH eri\u015fimini sadece ger\u00e7ekten gerekiyorsa a\u00e7.<\/p><\/blockquote>\n<h2>Root Durumunu Kontrol Etme<\/h2>\n<p>\u00d6zellikle Ubuntu gibi da\u011f\u0131t\u0131mlarda root kullan\u0131c\u0131s\u0131na do\u011frudan \u015fifre verilmemi\u015f olur.<\/p>\n<p>\u00d6nce normal bir kullan\u0131c\u0131 ile ba\u011flan:<\/p>\n<pre><code class=\"language-bash\">ssh kullanici@sunucu-ip\r\n<\/code><\/pre>\n<p>Ard\u0131ndan root hesab\u0131n\u0131n kilitli olup olmad\u0131\u011f\u0131n\u0131 kontrol et:<\/p>\n<pre><code class=\"language-bash\">sudo passwd -S root\r\n<\/code><\/pre>\n<p>\u00d6rnek \u00e7\u0131kt\u0131lar:<\/p>\n<ul>\n<li><code>root L ...<\/code> \u2192 Locked (kilitli)<\/li>\n<li><code>root P ...<\/code> \u2192 Password set (aktif)<\/li>\n<\/ul>\n<p>E\u011fer root kilitliyse, kullan\u0131ma a\u00e7mak i\u00e7in \u015fifre tan\u0131mlaman gerekir.<\/p>\n<h2>Root Kullan\u0131c\u0131s\u0131na \u015eifre Verme \/ Aktif Etme<\/h2>\n<p>E\u011fer root hesab\u0131na \u015fifre vermek istiyorsan:<\/p>\n<pre><code class=\"language-bash\">sudo passwd root\r\n<\/code><\/pre>\n<p>Komut senden iki kez yeni root \u015fifresi isteyecek:<\/p>\n<pre><code class=\"language-text\">Enter new UNIX password:\r\nRetype new UNIX password:\r\npasswd: password updated successfully\r\n<\/code><\/pre>\n<p>Bu i\u015flem sonras\u0131 root kullan\u0131c\u0131s\u0131na lokal olarak <code>su -<\/code> komutu ile ge\u00e7ebilirsin:<\/p>\n<pre><code class=\"language-bash\">su -\r\n<\/code><\/pre>\n<p>Ancak hen\u00fcz <strong>SSH \u00fczerinden root giri\u015fi<\/strong> a\u00e7\u0131lm\u0131\u015f de\u011fil.<br \/>\nOnu ayr\u0131ca SSH yap\u0131land\u0131rmas\u0131ndan aktif etmemiz gerekiyor.<\/p>\n<h2>SSH \u00dczerinden Root Giri\u015fi A\u00e7ma (sshd_config)<\/h2>\n<p>Root ile uzaktan ba\u011flanabilmek i\u00e7in <code>sshd_config<\/code> dosyas\u0131n\u0131 d\u00fczenlemelisin.<\/p>\n<p>Dosyay\u0131 a\u00e7:<\/p>\n<pre><code class=\"language-bash\">sudo nano \/etc\/ssh\/sshd_config\r\n<\/code><\/pre>\n<p>Bu dosyan\u0131n i\u00e7inde a\u015fa\u011f\u0131daki sat\u0131rlara benzer bir yap\u0131 g\u00f6rebilirsin:<\/p>\n<pre><code class=\"language-text\">#PermitRootLogin prohibit-password\r\n#PermitRootLogin yes\r\n<\/code><\/pre>\n<p>Yapmak istediklerine g\u00f6re 3 senaryo var:<\/p>\n<h3>\u00d6nerilen: Sadece SSL Anahtar\u0131 ile Root Eri\u015fimi<\/h3>\n<p>En g\u00fcvenli y\u00f6ntem, root hesab\u0131n\u0131 <strong>\u015fifre ile de\u011fil, sadece SSH key ile<\/strong> a\u00e7makt\u0131r.<\/p>\n<p>\u015eu \u015fekilde ayarla:<\/p>\n<pre><code class=\"language-text\">PermitRootLogin prohibit-password\r\n<\/code><\/pre>\n<p>Bu \u015fekilde:<\/p>\n<ul>\n<li>Root ile <strong>parola ile giri\u015f yasaklan\u0131r<\/strong><\/li>\n<li>Root ile <strong>sadece SSH anahtar (public key)<\/strong> kullanarak giri\u015f yap\u0131labilir<\/li>\n<\/ul>\n<h3>Daha Riskli: Parola ile Root Giri\u015fi A\u00e7mak<\/h3>\n<p>E\u011fer ille de parola ile root giri\u015fi a\u00e7\u0131ls\u0131n istiyorsan:<\/p>\n<pre><code class=\"language-text\">PermitRootLogin yes\r\n<\/code><\/pre>\n<p>ve ayr\u0131ca \u015fu de\u011ferlerin uygun oldu\u011fundan emin ol:<\/p>\n<pre><code class=\"language-text\">PasswordAuthentication yes\r\n<\/code><\/pre>\n<blockquote><p>\u2757 G\u00fcvenlik a\u00e7\u0131s\u0131ndan bu y\u00f6ntem sadece ge\u00e7ici olarak veya kapal\u0131 bir a\u011fda \u00f6nerilir. \u0130nternete a\u00e7\u0131k sunucularda <strong>anahtar tabanl\u0131 kimlik do\u011frulama<\/strong> her zaman daha g\u00fcvenlidir.<\/p><\/blockquote>\n<p>Dosyay\u0131 kaydet:<\/p>\n<ul>\n<li>Nano i\u00e7in: <code>CTRL + X<\/code> \u2192 <code>Y<\/code> \u2192 <code>ENTER<\/code><\/li>\n<\/ul>\n<h2>SSH Servisini Yeniden Ba\u015flatma<\/h2>\n<p>Yap\u0131land\u0131rma de\u011fi\u015fiklikleri i\u00e7in SSH servisini yeniden y\u00fcklemen gerekir.<\/p>\n<p>Systemd temelli sistemlerde:<\/p>\n<pre><code class=\"language-bash\">sudo systemctl restart sshd\r\n<\/code><\/pre>\n<p><a href=\"https:\/\/adveyer.com\/blog\/ubuntu-nedir-linux-tabanli-isletim-sistemi\/\">Ubuntu<\/a>\/<a href=\"https:\/\/adveyer.com\/blog\/debian-nedir-kararli-ve-ozgur-linuxun-tarihi\/\">Debian<\/a> baz\u0131 s\u00fcr\u00fcmlerde:<\/p>\n<pre><code class=\"language-bash\">sudo systemctl restart ssh\r\n<\/code><\/pre>\n<p>Hata olup olmad\u0131\u011f\u0131n\u0131 kontrol etmek i\u00e7in:<\/p>\n<pre><code class=\"language-bash\">sudo systemctl status sshd\r\n<\/code><\/pre>\n<h2>Root ile SSH Ba\u011flant\u0131s\u0131n\u0131 Test Etme<\/h2>\n<p>Kendi bilgisayar\u0131ndan:<\/p>\n<pre><code class=\"language-bash\">ssh root@sunucu-ip\r\n<\/code><\/pre>\n<p>E\u011fer key-based login kullan\u0131yorsan, root\u2019un <code>~\/.ssh\/authorized_keys<\/code> dosyas\u0131nda public key\u2019in kay\u0131tl\u0131 oldu\u011fundan emin ol.<\/p>\n<h2>G\u00fcvenlik \u00d6nerileri (Kesinlikle Dikkate Al!)<\/h2>\n<p>Root eri\u015fimini a\u00e7mak, ayn\u0131 anda sald\u0131rganlara da kap\u0131 aralamak demektir.<br \/>\nBu nedenle \u015fu \u00f6nlemleri mutlaka al:<\/p>\n<h3>1. Root \u015fifresini g\u00fc\u00e7l\u00fc yap<\/h3>\n<ul>\n<li>En az 12\u201316 karakter<\/li>\n<li>B\u00fcy\u00fck\/k\u00fc\u00e7\u00fck harf, rakam ve \u00f6zel karakter i\u00e7ersin<\/li>\n<\/ul>\n<h3>2. SSH portunu de\u011fi\u015ftir (22 yerine farkl\u0131 bir port)<\/h3>\n<pre><code class=\"language-bash\">sudo nano \/etc\/ssh\/sshd_config\r\n<\/code><\/pre>\n<p>\u015eu sat\u0131r\u0131 d\u00fczenle:<\/p>\n<pre><code class=\"language-text\">Port 22\r\n<\/code><\/pre>\n<p>\u00d6rne\u011fin:<\/p>\n<pre><code class=\"language-text\">Port 2222\r\n<\/code><\/pre>\n<p>Ard\u0131ndan SSH\u2019\u0131 yeniden ba\u015flat ve g\u00fcvenlik duvar\u0131n\u0131 buna g\u00f6re g\u00fcncelle.<\/p>\n<h3>3. Fail2ban \/ CSF gibi ara\u00e7lar kullan<\/h3>\n<ul>\n<li>Yanl\u0131\u015f \u015fifre denemelerini belli bir say\u0131n\u0131n \u00fczerinde otomatik banla<\/li>\n<li>SSH brute force sald\u0131r\u0131lar\u0131na kar\u015f\u0131 koru<\/li>\n<\/ul>\n<h3>4. M\u00fcmk\u00fcnse: Root login\u2019i gereksiz oldu\u011funda tekrar kapat<\/h3>\n<p>\u0130\u015fin bitti\u011finde <code>PermitRootLogin<\/code> de\u011ferini tekrar \u015fu hale \u00e7ekebilirsin:<\/p>\n<pre><code class=\"language-text\">PermitRootLogin no\r\n<\/code><\/pre>\n<p>ve sudo ile y\u00f6netmeye devam edebilirsin.<\/p>\n<h2>Alternatif: Root Yerine sudo Kullanmak (En G\u00fcvenli Yakla\u015f\u0131m)<\/h2>\n<p>Asl\u0131nda modern Linux y\u00f6netiminde \u00f6nerilen y\u00f6ntem:<\/p>\n<ul>\n<li>Normal bir kullan\u0131c\u0131 ile ba\u011flan<\/li>\n<li>Gerekli i\u015flemleri <code>sudo<\/code> ile yap<\/li>\n<\/ul>\n<p>\u00d6rne\u011fin:<\/p>\n<pre><code class=\"language-bash\">sudo su -\r\n<\/code><\/pre>\n<p>Bu y\u00f6ntemle:<\/p>\n<ul>\n<li>Direkt root hedef al\u0131nmaz<\/li>\n<li>Her komut loglan\u0131r<\/li>\n<li>Yanl\u0131\u015fl\u0131kla yap\u0131lan i\u015flemleri azaltmak daha kolay olur<\/li>\n<\/ul>\n<h2>Linux Sunucularda Root Eri\u015fimi A\u00e7ma &#8211; Sonu\u00e7<\/h2>\n<p><strong>Linux sunucularda root eri\u015fimi a\u00e7ma<\/strong>, \u00f6zellikle y\u00f6netim kolayl\u0131\u011f\u0131 a\u00e7\u0131s\u0131ndan cazip olabilir; ancak g\u00fcvenlik riskleri sebebiyle dikkatli yap\u0131lmal\u0131d\u0131r.<\/p>\n<p>Bu rehberde:<\/p>\n<ul>\n<li>Root hesab\u0131na \u015fifre vermeyi<\/li>\n<li>SSH \u00fczerinden root eri\u015fimi a\u00e7may\u0131<\/li>\n<li><code>sshd_config<\/code> ile PermitRootLogin ayar\u0131n\u0131 de\u011fi\u015ftirmeyi<\/li>\n<li>G\u00fcvenlik i\u00e7in al\u0131nmas\u0131 gereken ek \u00f6nlemleri<\/li>\n<\/ul>\n<p>ad\u0131m ad\u0131m g\u00f6rm\u00fc\u015f oldun.<\/p>\n<p>Her zaman \u015fu kural\u0131 unutma:<br \/>\n\ud83d\udc49 <em>\u201cMecbur kalmad\u0131k\u00e7a root ile direkt ba\u011flanma, sudo ile \u00e7al\u0131\u015f.\u201d<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux sunucularda root, sistemin en yetkili kullan\u0131c\u0131s\u0131d\u0131r. T\u00fcm dosyalara eri\u015febilir, t\u00fcm servisleri y\u00f6netebilir, her \u015feyi silebilir veya yeniden olu\u015fturabilir. Tam da bu y\u00fczden pek \u00e7ok da\u011f\u0131t\u0131mda root ile do\u011frudan SSH ba\u011flant\u0131s\u0131 kapal\u0131 gelir ve sudo kullan\u0131m\u0131 te\u015fvik edilir. Yine de baz\u0131 durumlarda (ilk kurulum, otomasyon, y\u00f6netim panelleri vb.) root eri\u015fimini a\u00e7ma ihtiyac\u0131 do\u011fabilir. Bu yaz\u0131da, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[],"class_list":["post-269","post","type-post","status-publish","format-standard","hentry","category-linux-genel"],"_links":{"self":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/269","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/comments?post=269"}],"version-history":[{"count":1,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/269\/revisions"}],"predecessor-version":[{"id":270,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/269\/revisions\/270"}],"wp:attachment":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/media?parent=269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/categories?post=269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/tags?post=269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}