Howto: Prevent root user from being able to log in via SSH service

last updated in Categories , , ,

Securing root account is one of the main tasks. Most systems have a password assigned to the root account. The first thing you do is assume that the password is always compromised. This does not mean that you should remove the password. The password is almost always necessary for console access to the machine. What it does mean is that you should not make it possible to use the password outside of the console. Direct root logins should only be allowed via the system console.

1) Login as a root user

2) Open /etc/ssh/sshd_config file
# vi /etc/ssh/sshd_config

3) Make changes to ssh server configuration find the following line or edit the line from:
PermitRootLogin yes

Change it to:
PermitRootLogin no

4) Save the changes

5) Restart sshd service
# /etc/init.d/sshd restart

The option PermitRootLogin specifies whether root can log in using ssh.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

1 comment

    Have a question? Post it on our forum!