Allow root account to use SSH (openssh)

Last updated January 27, 2007

Q. Previous admin blocked root access to ssh server. How do I allow root account access to ssh server?

A. Allowing direct root access over ssh is a security risk. However, the following steps will allow you to log in as root over an ssh session:

Open the sshd_config file:
# vi /etc/ssh/sshd_config

Find the line that reads as follows:
PermitRootLogin no
Set it as follows:
PermitRootLogin yes

Find the line that reads as follows (this line may not exist in your configuration):
DenyUsers root user2 user3
Set it as follows:
DenyUsers user2 user3

Save and close the file. Restart sshd:
# /etc/init.d/ssh restart
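
To confirm what the edited file says before restarting sshd, here is an added example (not part of the original post) that reads the two directives changed above. The function name `root_login_status` and the sample file are constructed for illustration; it assumes whitespace-separated "Keyword value" lines and reads only the global section of the file.

```sh
#!/bin/sh
# Added example: report what an sshd_config file says about root logins.
# Assumptions: only lines before the first Match block are read, and only a
# literal "root" entry in DenyUsers is recognised (wildcard and user@host
# patterns are not expanded).
root_login_status() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
        { key = tolower($1) }                    # keywords are case-insensitive
        key == "match" { exit }                  # conditional blocks start here
        key == "permitrootlogin" && prl == "" {  # sshd uses the first value it reads
            prl = $2
        }
        key == "denyusers" {                     # DenyUsers lines accumulate
            for (i = 2; i <= NF; i++) if ($i == "root") denied = "yes"
        }
        END {
            if (prl == "") prl = "unset"         # default depends on OpenSSH version
            if (denied == "") denied = "no"
            # DenyUsers blocks root even when PermitRootLogin is yes
            if (prl == "no" || denied == "yes") verdict = "blocked"
            else if (prl == "yes") verdict = "allowed"
            else verdict = "depends"             # restricted value or version default
            printf "permitrootlogin=%s root_in_denyusers=%s root_ssh=%s\n", prl, denied, verdict
        }
    ' "$1"
}

# Constructed sample: the "before" state described in the steps above.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
    'DenyUsers root user2 user3' > "$sample"
root_login_status "$sample"
rm -f "$sample"
```

Run it as `root_login_status /etc/ssh/sshd_config` after editing. `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the effective configuration.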

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

15 comments

  1. Most people would be wanting to know how to enable this, to secure their boxes. Perhaps the unknown asker doesn’t know how to use sudo or su properly so that you can log in remotely via a safe, unprivileged user account and then, once the connection is secure, issue privileged commands or switch to a privileged account? Or perhaps s/he wishes to have unrestricted access to the computer with no tracking of who issued what commands?

    1. One year late, but maybe it will be helpful for somebody else:
      it’s possible that you don’t see the sshd_config file because you don’t have the OpenSSH suite (or any other ssh servers) installed on the remote machine.

  2. Hi there :)

    How can you change sshd_config file to enable root ssh access, since you cannot log in to ssh with root?

    I can only log in to ssh with a user password. I have the root password too, but first I have to change that file, which is read-only and I cannot change it. I tried “chmod a=rwx sshd_config” but “operation not permitted” ..

    thanks

    1. @Sorin,

      This assumes that you have local root access to your server. For Redhat based Linux, you ssh as a non-privileged user, su - and then you become root, and then apply the changes. For Debian based Linux, ssh as a non-privileged user, sudo -i to become root, and then apply the changes.

      The whole point in disabling remote root access is to reduce the possibility of your server getting broken into if your root password is weak or server is not up to date in security/updated software.
      Remember not to enable this on a server that has Internet connection and can be reached over the Internet, unless you absolutely have to, and if you did, I strongly recommend tightening your iptables rules, and use something like fail2ban, along with log watch/snort, …etc.
