Allow root account to use SSH (openssh)

by on November 2, 2006 · 13 comments· LAST UPDATED January 27, 2007

in , ,

Q. Previous admin blocked root access to ssh server. How do I allow root account access to ssh server?

A. Allowing direct root access over ssh is a security risk. However following steps will allow you to login as root over ssh session:

Open sshd_config file:
# vi /etc/ssh/sshd_config

Find out line that read as follows:
PermitRootLogin no
Set it as follows:
PermitRootLogin yes

Find out line that read as follows (this line may not exists in your configuration):
DenyUsers root user2 user3
Set is as follows:
DenyUsers user2 user3

Save and close the file. Restart the sshd:
# /etc/init.d/ssh restart

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 13 comments… read them below or add one }

1 Mika April 13, 2007 at 7:04 pm

Your command for sshd is incorrect – should be:
# /etc/init.d/sshd restart

You were missing the “d” for sshd

Reply

2 Pouman November 14, 2013 at 1:47 pm

i guess you can also use : service sshd restart

Reply

3 nixCraft April 14, 2007 at 8:59 pm

Mika,

It can be ssh or sshd – it depends upon your Linux distro. Redhat/CentOS/FC use sshd and ssh used by Debian or Ubuntu and so on..

HTH

Reply

4 Paul February 27, 2009 at 9:27 pm

Most people would be wanting to know how to enable this, to secure their boxes. Perhaps the unknown asker doesn’t know how to use sudo or su properly so that you can log in remotely via a safe, unprivileged user account and then, once the connection is secure, issue privileged commands or switch to a privileged account? Or perhaps s/he wishes to have unrestricted access to the computer with no tracking of who issued what commands?

Reply

5 Elgs February 13, 2014 at 8:03 am

Sometimes, people need more convenience than safety.

Reply

6 Nick Wierdo October 20, 2009 at 12:15 am

just do a ” svcadm restart ssh”

Reply

7 Luis GarcĂ­a July 18, 2011 at 12:20 pm

That only would work on Solaris :-)

Reply

8 Rhea May 12, 2011 at 9:57 am

Hi,

I wanted to enable root login via ssh in my server, but couldn’t see the below file on the server. Please help.

/etc/ssh/sshd_config

Reply

9 Radu April 23, 2012 at 10:36 am

One year late, but maybe it will be helpful for somebody else:
it’s possible that you don’t see the sshd_config file because you don’t have the OpenSSH suite (or any other ssh servers) installed on the remote machine.

Reply

10 Benjy March 4, 2013 at 4:09 am

You also need to add root to Allowusers

Reply

11 Sorin April 18, 2013 at 11:11 am

Hi there :)

how can you change sshd_config file to enable root ssh access, since you can not login to ssh with root?

I can only login in ssh with a user password, i have the root password too but first i have to change that file wich is readonly and I can not change it, I tried “chmod a=rwx sshd_config” but “operation not permitted” ..

thanks

Reply

12 Aram Iskenderian June 14, 2013 at 4:43 pm

@Sorin,

This assumes that you have local root access to your server. For Redhat based Linux, you ssh as a non-privileged user, su – and then you become root, and then apply the changes. For Debian based Linux, ssh as a non-privileged user, sudo -i become root, and then apply the changes.

The whole point in disabling remote root access is to reduce the possibility of your server getting broken into if your root password is weak or server is not up to date in security/updated software.
Remember not to enable this on a server that has Internet connection and can be reached over the Internet, unless you absolutely have to, and if you did, I strongly recommend tightening your iptables rules, and use something like fail2ban, along with log watch/snort, …etc.

Reply

13 Wojtek April 20, 2013 at 7:06 pm

Thanks, tips works on my Debian :).

Reply

Leave a Comment

Tagged as:

Previous Faq:

Next Faq: