Disable or Enable SSH Root Login in Linux
Root is the superuser account on Linux-based systems; anyone who gets access to the root account has complete control of the system. For security reasons, it is not a good idea to leave SSH root access enabled. The better approach is to create a normal user account, log in with it and switch to the root user when needed, and disable SSH logins for the root account.
This article will try to explain how to disable or enable SSH root logins.
Create Normal User:
First, create a normal user account on the Linux server. You can create the account using the useradd command.
Disable SSH logins for root:
We use the ssh configuration file to disable root login.
# vim /etc/ssh/sshd_config
Search for the following line in the file.
#PermitRootLogin yes
If there is a “#” at the beginning of the line, remove it, and if the parameter value is “yes”, change it to “no”, so that the line reads:
PermitRootLogin no
Next, restart the SSH service using one of the following commands.
# systemctl restart sshd
OR
# /etc/init.d/sshd restart
You can now try to log in as the root user; the login should be refused.
# ssh root@10.0.0.4
Now log in as the normal user and then use the ‘su’ command to switch to root.
Enable SSH Root Login
To enable SSH root login, we again use the SSH configuration file.
# vi /etc/ssh/sshd_config
Change the parameter below from no to yes.
PermitRootLogin yes
Restart the sshd service.
# systemctl restart sshd
OR
# /etc/init.d/sshd restart
Now try to log in with the root user.
# ssh root@10.0.0.4
Allow or Deny SSH access to a particular user or group in Linux
If you have multiple user accounts but want to allow or deny SSH access for particular users or groups, edit the SSH configuration file.
# vi /etc/ssh/sshd_config
Allow Particular Users:
Add the AllowUsers line at the bottom of the file.
AllowUsers anuket.jain sheena.aggarwal
Deny Particular Users:
Add the DenyUsers line at the bottom of the file.
DenyUsers user1 user3
Now restart the sshd service.
# systemctl restart sshd
OR
# /etc/init.d/sshd restart
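The PermitRootLogin and AllowUsers/DenyUsers edits above only work as sshd reads them: the first uncommented value for a keyword wins, and user names in the lists are separated by spaces. The script below is an added example, not part of the original article; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: static check of an sshd_config-style file.
# Assumptions: plain "Keyword value" or "Keyword=value" lines; Include files
# and Match blocks are not evaluated (only the global section is read).

# Print the global PermitRootLogin value. sshd keeps the first value it reads
# for a keyword, keywords are case-insensitive, and '#' lines are comments.
effective_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print AllowUsers/DenyUsers lines containing a comma; status 0 if any found.
# These lists are space-separated, so "user1," is read as a literal name.
comma_in_user_lists() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) ~ /^(allowusers|denyusers)$/ && /,/ { print FNR ": " $0; bad = 1 }
        END { exit !bad }
    ' "$1"
}

# Constructed sample input, not taken from a real server.
write_sample() {
    cat > "$1" <<'EOF'
#PermitRootLogin yes
Port 22
PermitRootLogin no
PermitRootLogin yes
DenyUsers user1, user3
Match Address 10.0.0.0/8
    PermitRootLogin yes
EOF
}

cfg=$(mktemp)
write_sample "$cfg"
echo "global PermitRootLogin: $(effective_root_login "$cfg")"
comma_in_user_lists "$cfg" && echo "fix: separate user names with spaces"
rm -f "$cfg"
```

On a live server, `sshd -t` checks the configuration file for errors before you restart the service, and `sshd -T` prints the effective settings.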
Enjoy it!