How to Disable SSH Root Login in Linux

The root account is often the most targeted account by crackers via SSH under Linux. An enabled SSH root account on a Linux server exposed to a network or, worse, exposed in Internet can pose a high degree of security concern by system administrators.

The SSH root account should be disabled in all cases in Linux in order to harden your server security. You should login via SSH on a remote server only with a normal user account and, then, change privileges to root account via sudo or su command.

In order to disable SSH root account, first log in to your server console with a normal account with root privileges by issuing the below commands.

$ su tecmint
$ sudo su -   # Drop privileges to root account

After you’ve logged in to console, open the main SSH configuration file for editing with your favorite text editor by issuing the below command. The SSH main configuration file is usually located in /etc/ssh/ directory in most of Linux distributions.

# vi /etc/ssh/sshd_config

In this file, search for the line “PermitRootLogin” and update the line to look like in the below file excerpt. On some Linux distributions, the “PermitRootLogin” line is preceded by the hashtag sign (#) meaning that the line is commented. In this case uncomment the line by removing the hashtag sign and set the line to no.

PermitRootLogin no
Disable SSH Root Login
Disable SSH Root Login

After you’ve made the above changes, save and close the file and restart the SSH daemon to apply changes by issuing one of the below commands, specific to your Linux distribution.

# systemctl restart sshd
# service sshd restart
# /etc/init.d/ssh restart

In order to test if the new configuration has been successfully applied, try to login with root account to the server via SSH from a remote system by issuing the below command.

The remote SSH login process for root account should be automatically denied by our SSH server, as illustrated in the below screenshot.

SSH Root Login Denied
SSH Root Login Denied

That’s all! You shouldn’t be able remotely login to SSH server with root account via password or via public key authentication mechanisms.

Tutorial Feedback...
Was this article helpful? If you don't find this article helpful or found some outdated info, issue or a typo, do post your valuable feedback or suggestions in the comments to help improve this article...

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

2 thoughts on “How to Disable SSH Root Login in Linux”

  1. I really can’t understand it, I’ve tried to access another machine using ssh, and it required the machine password I added it and that’s it, now I made PermitRootLogin no, saved it and restarted the ssh, and tried to log in with root again: added the password and I connected just as if nothing changed ….and it worked just fine without any problems!

  2. Additioonally, you can edit the /etc/security/access.conf file.

    -:root:ALL ecept LOCAL

    disallows all remote logins, but allows local (console) logins.


Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.