PermitRootLogin – is an important directive in SSH configuration file to control the ssh login as root user. It is useful to protect the server from others by disabling the root user from SSH. In this method, you can assign SSH authentication to a user in your server and you can change to root after establishing a connection as user.
How to check root-login is enabled or not?
Execute the command below for checking the same from command line:
# grep PermitRootLogin /etc/ssh/sshd_config
[root@localhost ~]# grep PermitRootLogin /etc/ssh/sshd_config #PermitRootLogin no # the setting of "PermitRootLogin without-password".
By-default the root login is enabled in SSH conf file. You can disable it by editing the SSH conf file:
[root@localhost ~]# vim /etc/ssh/sshd_config ----- PermitRootLogin no -----
Then restart the SSH daemon:
[root@localhost ~]# /etc/init.d/sshd restart
That’s it 🙂
Try to SSH as root, see the sample output below:
[root@localhost ~]# ssh localhost :::Hai, Welcome to crybit's SSH::: root@localhost's password: (root password) Permission denied, please try again.
You can SSH to server as a user, see the example below:
[root@localhost ~]# ssh crybit@localhost :::Hai, Welcome to crybit's SSH::: crybit@localhost's password: (crybit's password) Last login: Fri Jan 31 15:22:55 2014 from localhost [crybit@localhost ~]$ [crybit@localhost ~]$