Linux: Openssh (ssh server) deny root user access

by on August 2, 2007 · 3 comments· LAST UPDATED August 2, 2007

in , ,

Q. How do I block access to root user over ssh session?

A.. sshd (OpenSSH Daemon) is the daemon program for ssh. Server side ssh configuration is defined in /etc/ssh/sshd_config file.

You need to use DenyUsers option to block access to root user.

This option can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

Open /etc/ssh/sshd_config file

Use vi command:
# vi /etc/ssh/sshd_config

Deny root user access

Append or modify as follows to block root user:
DenyUsers root

If you want to block additional user just append names to DenyUsers
DenyUsers root, user2, user3

Save and close the file. Restart sshd service:
#/etc/init.d/sshd restart

Tweet itFacebook itG+ itDownload PDF versionFound an error/typo on this page?

{ 3 comments… read them below or add one }

1 slashx August 28, 2007 at 9:42 am

in /etc/ssh/sshd_config
setting this:
PermitRootLogin no

should also do the same thing, but denyusers works too :)


2 Wasim March 15, 2013 at 5:18 am

Nice Blog…


3 Wasim March 15, 2013 at 5:21 am

vi /etc/ssh/sshd_config
Find the below line first
#PermitRootLogin yes
Add a new line below this entry
PermitRootLogin no


Leave a Comment

Tagged as: , , , , , , , ,

Previous Faq:

Next Faq: