Allow root account to use SSH (openssh)

Q. Previous admin blocked root access to ssh server. How do I allow root account access to ssh server?

A. Allowing direct root access over ssh is a security risk. However following steps will allow you to login as root over ssh session:

Open sshd_config file:
# vi /etc/ssh/sshd_config

Find out line that read as follows:
PermitRootLogin no
Set it as follows:
PermitRootLogin yes

Find out line that read as follows (this line may not exists in your configuration):
DenyUsers root user2 user3
Set is as follows:
DenyUsers user2 user3

Save and close the file. Restart the sshd:
# /etc/init.d/ssh restart

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 15 comments so far... add one

CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
15 comments… add one
  • Mika Apr 13, 2007 @ 19:04

    Your command for sshd is incorrect – should be:
    # /etc/init.d/sshd restart

    You were missing the “d” for sshd

    • Pouman Nov 14, 2013 @ 13:47

      i guess you can also use : service sshd restart

  • 🐧 nixCraft Apr 14, 2007 @ 20:59


    It can be ssh or sshd – it depends upon your Linux distro. Redhat/CentOS/FC use sshd and ssh used by Debian or Ubuntu and so on..


  • Paul Feb 27, 2009 @ 21:27

    Most people would be wanting to know how to enable this, to secure their boxes. Perhaps the unknown asker doesn’t know how to use sudo or su properly so that you can log in remotely via a safe, unprivileged user account and then, once the connection is secure, issue privileged commands or switch to a privileged account? Or perhaps s/he wishes to have unrestricted access to the computer with no tracking of who issued what commands?

    • Elgs Feb 13, 2014 @ 8:03

      Sometimes, people need more convenience than safety.

  • Nick Wierdo Oct 20, 2009 @ 0:15

    just do a ” svcadm restart ssh”

    • Luis García Jul 18, 2011 @ 12:20

      That only would work on Solaris :-)

  • Rhea May 12, 2011 @ 9:57


    I wanted to enable root login via ssh in my server, but couldn’t see the below file on the server. Please help.


    • Radu Apr 23, 2012 @ 10:36

      One year late, but maybe it will be helpful for somebody else:
      it’s possible that you don’t see the sshd_config file because you don’t have the OpenSSH suite (or any other ssh servers) installed on the remote machine.

  • Benjy Mar 4, 2013 @ 4:09

    You also need to add root to Allowusers

    • Linus Sep 21, 2016 @ 18:24

      I did The PermitRootLogin thing and also Allowusers…. still not working!! what goes wrong?

  • Sorin Apr 18, 2013 @ 11:11

    Hi there :)

    how can you change sshd_config file to enable root ssh access, since you can not login to ssh with root?

    I can only login in ssh with a user password, i have the root password too but first i have to change that file wich is readonly and I can not change it, I tried “chmod a=rwx sshd_config” but “operation not permitted” ..


    • Aram Iskenderian Jun 14, 2013 @ 16:43


      This assumes that you have local root access to your server. For Redhat based Linux, you ssh as a non-privileged user, su – and then you become root, and then apply the changes. For Debian based Linux, ssh as a non-privileged user, sudo -i become root, and then apply the changes.

      The whole point in disabling remote root access is to reduce the possibility of your server getting broken into if your root password is weak or server is not up to date in security/updated software.
      Remember not to enable this on a server that has Internet connection and can be reached over the Internet, unless you absolutely have to, and if you did, I strongly recommend tightening your iptables rules, and use something like fail2ban, along with log watch/snort, …etc.

  • Wojtek Apr 20, 2013 @ 19:06

    Thanks, tips works on my Debian :).

  • Sirag Jan 31, 2015 @ 18:49

    on Ubuntu 14.04.1 LTS \n \l /etc/init.d/ssh restart doens’t work, use instead:
    service ssh restart

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @