How to Disable Root Login in SSH

Disabling root login via SSH is an important security measure to protect your server from unauthorized access. By preventing direct root access, you mitigate the risk of brute-force attacks and enhance your system’s security posture. This tutorial will guide you through the process of disabling root login in SSH.

1. Open SSH Configuration File

The SSH configuration file is located at /etc/ssh/sshd_config. To edit this file, open a terminal and run:

sudo nano /etc/ssh/sshd_config

2. Locate the PermitRootLogin Directive

In the opened file, look for the following line:

#PermitRootLogin yes

This line is typically commented out (# indicates it’s inactive). You will need to modify it.

3. Modify the Directive

Change the line to:

PermitRootLogin no

This setting prevents root from logging in via SSH. Make sure to remove the # to uncomment the line.

4. Save Changes and Exit

After making the change, save the file and exit the text editor. In nano, you can do this by pressing Ctrl + O, then Enter to confirm, followed by Ctrl + X to exit.

5. Restart SSH Service

To apply the changes you made, restart the SSH service:

sudo systemctl restart sshd

This ensures the new configuration takes effect.

6. Verify Changes

To verify that root login is disabled, attempt to log in as the root user:

ssh root@your_server_ip

You should receive a message indicating that permission is denied. If you can still log in as root, double-check your changes and ensure you saved the configuration correctly.

7. Conclusion

By following this tutorial, you have successfully disabled root login via SSH, enhancing the security of your Linux server. It’s recommended to create a non-root user with sudo privileges for administrative tasks instead of using the root account directly. Regularly review your security settings to maintain robust protection for your systems!