PermitRootLogin – is an important directive in SSH configuration file to control the ssh login as root user. It is useful to protect the server from others by disabling the root user from SSH. In this method, you can assign SSH authentication to a user in your server and you can change to root after establishing a connection as user.
How to check root-login is enabled or not?
Execute the command below for checking the same from command line:
# grep PermitRootLogin /etc/ssh/sshd_config
[[email protected] ~]# grep PermitRootLogin /etc/ssh/sshd_config #PermitRootLogin no # the setting of "PermitRootLogin without-password".
By-default the root login is enabled in SSH conf file. You can disable it by editing the SSH conf file:
[[email protected] ~]# vim /etc/ssh/sshd_config ----- PermitRootLogin no -----
Then restart the SSH daemon:
[[email protected] ~]# /etc/init.d/sshd restart
That’s it 🙂
Try to SSH as root, see the sample output below:
[[email protected] ~]# ssh localhost :::Hai, Welcome to crybit's SSH::: [email protected]'s password: (root password) Permission denied, please try again.
You can SSH to server as a user, see the example below:
[[email protected] ~]# ssh [email protected] :::Hai, Welcome to crybit's SSH::: [email protected]'s password: (crybit's password) Last login: Fri Jan 31 15:22:55 2014 from localhost [[email protected] ~]$ [[email protected] ~]$