How to disable SSH login as root user – PermitRootLogin

PermitRootLogin – is an important directive in SSH configuration file to control the ssh login as root user. It is useful to protect the server from others by disabling the root user from SSH. In this method, you can assign SSH authentication to a user in your server and you can change to root after establishing a connection as user.

How to check root-login is enabled or not?
Execute the command below for checking the same from command line:

# grep PermitRootLogin /etc/ssh/sshd_config


[[email protected] ~]# grep PermitRootLogin /etc/ssh/sshd_config
#PermitRootLogin no 
# the setting of "PermitRootLogin without-password".

By-default the root login is enabled in SSH conf file. You can disable it by editing the SSH conf file:

[[email protected] ~]# vim /etc/ssh/sshd_config
PermitRootLogin no

Then restart the SSH daemon:

[[email protected] ~]# /etc/init.d/sshd restart

That’s it 🙂

Try to SSH as root, see the sample output below:

[[email protected] ~]# ssh localhost
:::Hai, Welcome to crybit's SSH:::
[email protected]'s password: (root password)
Permission denied, please try again.

You can SSH to server as a user, see the example below:

[[email protected] ~]# ssh [email protected]
:::Hai, Welcome to crybit's SSH:::
[email protected]'s password: (crybit's password)
Last login: Fri Jan 31 15:22:55 2014 from localhost
[[email protected] ~]$ 
[[email protected] ~]$ 

Thanks 🙂

Related Links:
How to manage SSH permission for custom users under your server
How to create a banner/welcome-note for SSH server

Post navigation

Arunlal Ashok

Linux Systems Architect at Endurance International Group. I know her (Linux) since many years. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team

Leave a Reply

Your email address will not be published. Required fields are marked *