Disable or Enable SSH Root Login and Limit SSH Access in Linux

Everyone knows that Linux systems come with root user access and by default, root access is enabled for the outside world.

For security reasons, it’s not a good idea to have ssh root access enabled for unauthorized users. Because any hacker can try to brute force your password and gain access to your system.

Disable SSH Root Login
Disable SSH Root Login

So, it’s better to have another account that you regularly use and then switch to the root user by using the ‘su –‘ command when necessary. Before we start, make sure you have a regular user account and with that, you su or sudo to gain root access.

[ You might also like: How to Secure and Harden OpenSSH Server ]

In Linux, it’s very easy to create a separate account, log in as a root user and simply run the adduser command to create a separate user. Once the user is created, just follow the below steps to disable root login via SSH.

We use sshd master configuration file to disable root login and this will may decrease and prevent the hacker from gaining root access to your Linux box. We also see how to enable root access again as well as how to limit ssh access based on users’ list.

Disable SSH Root Login

To disable root login, open the main ssh configuration file /etc/ssh/sshd_config with your choice of editor.

# vi /etc/ssh/sshd_config

Search for the following line in the file.

#PermitRootLogin no

Remove the ‘#‘ from the beginning of the line.  Make the line look similar to this.

PermitRootLogin no
Disable Root Login in Linux
Disable Root Login in Linux

Next, we need to restart the SSH daemon service.

# systemctl restart sshd
OR
# /etc/init.d/sshd restart

Now try to log in with the root user, you will get a “Permission denied” error.

$ ssh [email protected]
[email protected]'s password: 
Permission denied, please try again.
SSH Permission Denied Error
SSH Permission Denied Error

So, from now onwards login as a normal user and then use the ‘su’ command to switch to root user.

$ ssh [email protected]
[email protected]'s password:
Last login: Mon Dec 27 15:04:58 2021 from 192.168.0.161

$ su -
Password:
Last login: Mon Dec 27 15:05:07 IST 2021 on pts/1
SSH User Login
SSH User Login

Enable SSH Root Login

To enable ssh root logging, open the file /etc/ssh/sshd_config.

# vi /etc/ssh/sshd_config

Search for the following line and remove the ‘#‘ at the beginning and save the file.

PermitRootLogin yes
Enable Root Login in Linux
Enable Root Login in Linux

Restart the sshd service.

# systemctl restart sshd
OR
# /etc/init.d/sshd restart

Now try to log in with the root user.

$ ssh [email protected]
[email protected]'s password:
Last login: Mon Dec 27 15:14:54 2021 from 192.168.0.161
SSH Root Login
SSH Root Login

Limit SSH User Logins

If you have a large number of user accounts on the systems, then it makes sense that we limit remote SSH access to those users who really need it. Open the /etc/ssh/sshd_config file.

# vi /etc/ssh/sshd_config

Add an AllowUsers line at the bottom of the file with a space separated by a list of usernames. For example, user tecmint and sheena both have access to remote ssh.

AllowUsers tecmint sheena
Limit SSH User Login
Limit SSH User Login

Now restart ssh service.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

20 thoughts on “Disable or Enable SSH Root Login and Limit SSH Access in Linux”

  1. Nevermind I was getting hacked while I was trying to do this and that was the cause of all my issues. It worked great on the new server I ended up having to install. Sorry about all the comments!

    Reply
    • @Chris,

      Thanks for the latest update, you almost scared me, even I am wondering what’s wrong with my article how its broken your server…..

      Reply
  2. Oh no this is worse than I thought, it appears to have completely broken my server. All my sites are giving me Apache HTTP server error pages. I need help as soon as possible. How could this have broken my server? I can still access the server with Webmin and from the server directly, apache web server is still running.. I don’t understand how just changing the root user permission and changing it back messed everything up so bad.

    Reply
  3. After I disabled root access, I can no longer connect via SSH at all with either Putty or WinSCP. I get the following error before I even get to type in my username… “Network error: Software caused connection abort”

    I even went back and re-enabled root access but it didn’t work, I still can’t access my server using SSH.

    I would appreciate any advice anyone has for me.

    Thanks,

    Chris

    Reply
  4. There are steps in the article like this:

    Restart the sshd service.
    # /etc/init.d/sshd restart

    Restarting can kill existing SSH connections to the host.

    Instead of restarting when only reconfiguration is needed you can send SSHD process the SIGHUP signal with KILL command:

    sudo kill -s SIGHUP $SSHDPID

    You will need $SSHDPID, process ID for SSHD , it can be found by a command like

    ps -AF | grep /usr/sbin/sshd

    Reply
  5. Need document of ” how to existing windows 2003 domain convert into Linux domain without distrubence of existing.

    Reply
  6. Hi Ravi,

    I have disabled the root SSH on CentOS with Cpanel.
    I need to reenable it but my other user now can’t access the # vi /etc/ssh/sshd_config

    User apparently does not have the sudo rights I guess..
    What can I do?

    Thank you

    Reply
    • You can open ssh session to the server with normal user then issue sudo su (On Ubuntu) to change to root then you can re-enable ssh for root. However, I have heard that login by root account over SSH is not encouraged due to security reason.

      Reply

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.