How To: Disable Root SSH Login on Linux
If you have your own server chances are you will want to keep it secure from unauthorized users. One security tip I always recommend to people who are setting up a new server is to disable the ability to login as root with SSH. By disabling root SSH login capabilities you are putting up another road block for those unwanted users who may try and use brute force techniques to gain access to your server.
When you disable root SSH logins, the intruder would need to know your login and then figure out your root login credentials once they were able to login as you. Thus making it a bit more difficult for them to gain access. Before you go ahead and disable root logins via SSH, it’s important that you have a separate user account setup so you can still login via SSH once you disable root logins.
The separate account can be used to login via SSH and then you can use the “su” command to switch over to the root user once you have logged in. Adding a separate account on your linux server is very easy. As root simply use the adduser command and follow the prompts. Once you have the user added, follow the steps below to disable root logins via SSH.
The following commands should be executed as root.
nano /etc/ssh/sshd_config
Then find the following lines:
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
Where it says PermitRootLogin yes change it to PermitRootLogin no
Then save the changes by hitting Control + O.
After you have saved the changes, you will need to restart the SSH daemon by using the following command:
/etc/init.d/sshd restart
That’s it. Now open a new SSH window and try and login as root – it shouldn’t allow it.