How to disable SSH login as root user – PermitRootLogin

PermitRootLogin is an important directive in the SSH daemon configuration file (/etc/ssh/sshd_config) that controls whether the root user can log in over SSH. Disabling root login over SSH helps protect the server from others. With this method, you give SSH access to an ordinary user on the server and switch to root after establishing a connection as that user.

How to check whether root login is enabled
Run the command below from the command line:

# grep PermitRootLogin /etc/ssh/sshd_config

Example:

[root@localhost ~]# grep PermitRootLogin /etc/ssh/sshd_config
#PermitRootLogin no 
# the setting of "PermitRootLogin without-password".
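
The grep above also matches commented-out lines such as "#PermitRootLogin no", which have no effect. The added example below (not part of the original post) reports the value sshd would actually take from a config file: the first uncommented PermitRootLogin line before any Match block. The function names are hypothetical, the sample files are constructed, and Include files are not followed.

```shell
#!/bin/sh
# Added example: find the active PermitRootLogin value in an sshd_config file.

# Print the first active (uncommented) PermitRootLogin value in the global
# section of file $1, or "unset" when sshd would fall back to its built-in
# default. Limitations: Include files and Match blocks are not evaluated.
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                 # commented line: no effect
                   { gsub(/=/, " ") }       # accept the "Keyword=value" form
        tolower($1) == "match"           { exit }   # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit status 0 only when root login is explicitly disabled in file $1.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#PermitRootLogin no' \
    '# the setting of "PermitRootLogin without-password".' > "$demo_dir/commented"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo_dir/disabled"
# sshd uses the first value it obtains for a keyword, so "yes" wins here.
printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin no' > "$demo_dir/duplicate"

for f in commented disabled duplicate; do
    printf '%-10s %s\n' "$f" "$(effective_root_login "$demo_dir/$f")"
done
```

On a live server, sshd -T prints the effective configuration, including any included files.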

By default, root login is enabled in the SSH configuration file. You can disable it by editing the file:

[root@localhost ~]# vim /etc/ssh/sshd_config
-----
PermitRootLogin no
-----

Then restart the SSH daemon:

[root@localhost ~]# /etc/init.d/sshd restart

That’s it 🙂

Now try to SSH as root; see the sample output below:

[root@localhost ~]# ssh localhost
:::Hai, Welcome to crybit's SSH:::
root@localhost's password: (root password)
Permission denied, please try again.

You can still SSH to the server as a regular user; see the example below:

[root@localhost ~]# ssh crybit@localhost
:::Hai, Welcome to crybit's SSH:::
crybit@localhost's password: (crybit's password)
Last login: Fri Jan 31 15:22:55 2014 from localhost
[crybit@localhost ~]$ 
[crybit@localhost ~]$ 

Thanks 🙂


Arunlal Ashok

Cloud Infrastructure / DevOps Engineer. I have known her (Linux) for many years. Linux lover. I like to play on the Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team CryBit.com
