How to disable SSH login as root user – PermitRootLogin

PermitRootLogin – is an important directive in SSH configuration file to control the ssh login as root user. It is useful to protect the server from others by disabling the root user from SSH. In this method, you can assign SSH authentication to a user in your server and you can change to root after establishing a connection as user.

How to check root-login is enabled or not?
Execute the command below for checking the same from command line:

# grep PermitRootLogin /etc/ssh/sshd_config


[root@localhost ~]# grep PermitRootLogin /etc/ssh/sshd_config
#PermitRootLogin no 
# the setting of "PermitRootLogin without-password".

By-default the root login is enabled in SSH conf file. You can disable it by editing the SSH conf file:

[root@localhost ~]# vim /etc/ssh/sshd_config
PermitRootLogin no

Then restart the SSH daemon:

[root@localhost ~]# /etc/init.d/sshd restart

That’s it 🙂

Try to SSH as root, see the sample output below:

[root@localhost ~]# ssh localhost
:::Hai, Welcome to crybit's SSH:::
root@localhost's password: (root password)
Permission denied, please try again.

You can SSH to server as a user, see the example below:

[root@localhost ~]# ssh crybit@localhost
:::Hai, Welcome to crybit's SSH:::
crybit@localhost's password: (crybit's password)
Last login: Fri Jan 31 15:22:55 2014 from localhost
[crybit@localhost ~]$ 
[crybit@localhost ~]$ 

Thanks 🙂

Related Links:
How to manage SSH permission for custom users under your server
How to create a banner/welcome-note for SSH server

Arunlal Ashok

Linux Server Administrator. I'm managing Linux servers since 2012. I started this blog to share and discuss my ideas. Any questions? Write to arun (@)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *