Did You Know?
Donate to TecMint

We are pleased to announce our new TecMint Q/A section to submit your Linux questions

Disable or Enable SSH Root Login and Limit SSH Access in Linux

Download Your Free eBooks NOW - 10 Free Linux eBooks for Administrators

Today, everyone knows that Linux systems comes with root user access and by default the root access is enabled for outside world. For security reason it’s not a good idea to have ssh root access enabled for unauthorized users. Because any hacker can try to brute force your password and gain access to your system.

Disable Root Login

Disable SSH Root Login

So, its better to have another account that you regularly use and then switch to root user by using ‘su -‘ command when necessary. Before we start, make sure you have a regular user account and with that you su or sudo to gain root access.

In Linux, it’s very easy to create separate account, login as root user and simply run the ‘adduser‘ command to create separate user. Once user is created, just follow the below steps to disable root login via SSH.

We use sshd master configuration file to disable root login and this will may decrease and prevent the hacker from gaining root access to your Linux box. We also see how to enable root access again as well as how to limit ssh access based on users list.

Disable SSH Root Login

To disable root login, open the main ssh configuration file /etc/ssh/sshd_config with your choice of editor.

# vi /etc/ssh/sshd_config

Search for the following line in the file.

#PermitRootLogin no

Remove the ‘#‘ from the beginning of the line.  Make the line look like similar to this.

PermitRootLogin no

Next, we need to restart the SSH daemon service.

# /etc/init.d/sshd restart

Now try to login with root user, you will get “Access Denied” error.

login as: root
Access denied
root@172.31.41.51's password:

So, from now onwards login as normal user and then use ‘su’ command to switch to root user.

login as: tecmint
Access denied
tecmint@172.16.25.126's password:
Last login: Tue Oct 16 17:37:56 2012 from 172.16.25.125
[tecmint@tecmint ~]$ su -
Password:
[root@tecmint ~]#

Enable SSH Root Login

To enable ssh root logging, open the file /etc/ssh/sshd_config.

# vi /etc/ssh/sshd_config

Search for the following line and put the ‘#‘ at the beginning and save the file.

# PermitRootLogin no

Restart the sshd service.

# /etc/init.d/sshd restart

Now try to login with root user.

login as: root
Access denied
root@172.16.25.126's password:
Last login: Tue Nov 20 16:51:41 2012 from 172.16.25.125
[root@tecmint ~]#

Limit SSH User Logins

If you have large number of user accounts on the systems, then it makes sense that we limit remote access to those users who really need it. Open the /etc/ssh/sshd_config file.

# vi /etc/ssh/sshd_config

Add an AllowUsers line at the bottom of the file with a space separated by list of usernames. For example, user tecmint and sheena both have access to remote ssh.

AllowUsers tecmint sheena

Now restart ssh service.

Ravi Saive

Owner at TecMint.com
Simple Word a Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux.

Linux Services & Free WordPress Setup

Our post is simply ‘DIY’ aka ‘Do It Yourself, still you may find difficulties and want us to help you out. We offer wide range of Linux and Web Hosting Solutions at fair minimum rates. Please submit your orders by Clicking Here.

4 Responses

  1. rahul says:

    hello. thank you for this.
    i like your article.
    you are very perfect in it.
    good luck

  2. Matt says:

    Hi Ravi,

    I have disabled the root SSH on CentOS with Cpanel.
    I need to reenable it but my other user now can’t access the # vi /etc/ssh/sshd_config

    User apparently does not have the sudo rights I guess..
    What can I do?

    Thank you

    • Ravi Saive says:

      Why you allowing your normal user to access sshd_config file?

    • Vien Mai says:

      You can open ssh session to the server with normal user then issue sudo su (On Ubuntu) to change to root then you can re-enable ssh for root. However, I have heard that login by root account over SSH is not encouraged due to security reason.

Leave a Reply

This work is licensed under a (cc) BY-NC | TecMint uses cookies. By using our services, you comply to use of our cookies. More info: Privacy Policy.
© 2012-2014 All Rights Reserved.