Disable Root SSH Login on Linux

When it comes to server security, one of the simplest methods—perhaps the easiest—is disabling root login over SSH. It’s a quick configuration change—but one that blocks an entire category of brute-force and credential-stuffing attacks.

In this guide, we’ll walk you through why and how to disable SSH root login on Linux. You’ll understand the benefits, and the exact steps to implement the change confidently.

Why You Should Disable Root SSH Login

On linux root user has all privileges. If an attacker gets access via root, it’s game over—no escalation needed. That’s why allowing direct root login over SSH is risky:

• ❌ All-powerful access: No need for privilege escalation—it’s full control immediately.
• ❌ Common brute-force target: "root" is a well-known default username.
• ❌ Blind spot: Shared root access makes it hard to trace who did what.

By disabling root login, you force users to SSH in with their own accounts and escalate privileges via sudo. That leaves audit trails, improves accountability, and dramatically lowers the attack surface.

Step-by-Step: Disable SSH Root Login

Before you start, make sure you have a non-root user with sudo privileges and SSH access. Otherwise, you might lock yourself out.

1. Log in as a non-root sudo user

If you don’t have one yet:

adduser myadmin
usermod -aG sudo myadmin

Then, log in as myadmin:

ssh myadmin@your-server-ip

2. Open the SSH configuration file

You can use nano, vim, or your any preferred text editor to edit the SSH configuration file.

sudo nano /etc/ssh/sshd_config

3. Find and update the PermitRootLogin directive

In this file, search for this line:

PermitRootLogin yes

And change it to:

PermitRootLogin no

If the line is commented out (#), uncomment it and set it explicitly to no.

4. Restart the SSH service

In the last step, restart the SSH service to apply the changes.

sudo systemctl restart sshd

Or on older systems:

sudo service ssh restart

5. Test it

Open a new terminal and try logging in as root:

ssh root@your-server-ip

You should get a message like this:

Permission denied, please try again.

Perfect! You’ve successfully disabled root login over SSH.

Final Thoughts

Disabling root login over SSH is a simple yet powerful security step.Want to go further? Consider setting up SSH key authentication. Stay secure. Code smart. And never log in as root over SSH again.

Thank you for reading.