onjsdev

Disable SSH Root Login On Linux Server

By onjsdev

You can improve the security of your remote Linux servers by disabling authentication with the root user and creating a new user to connect to the server. Before beginning, please note that this article will not cover generating a new SSH key. Ensure that you already have an SSH key and a connection to the server as the root user.

Connect To Your Linux Server With Root User

ssh root@your-ip-address

Create New User

When you run the following command, you will be asked to provide a password and extra informations, so follow the instructions on your terminal.

adduser your-new-user-name

Add New User To Sudo Group To Give Sudo Privileges

sudo is a special group that have grant to execute command on your server without needing root user, so add your new user this group.

usermod -aG sudo  your-new-user-name

Introduce New User To Your Local Machine

Your local device doesn't regocnize the new user, so go to your local terminal and copy your public ssh key manually.

cat ~/.ssh/id_rsa.pub

Create .ssh File To Add Your SSH Key To Linux Server

On your remote linux server, switch the users and create a file to save ssh key copied on your local machine.

-- Switch Users
su your-new-user-name

-- Create a file to store the public ssh key.
sudo mkdir ~/.ssh

-- Open the file and paste your SSH key you copied in your local machine.
sudo nano ~/.ssh/authorized_keys

After pasting the ssh key, press control X, type y and press enter to save. Now you are able to connect to the server with root and the new user. But let's take a look at how to disable root login.

Configure Your SSH Settings In Ubuntu Linux Server

-- Connect with the root user to the server
ssh root@your-ip-address

-- Open the config file in edit mode and set no to PermitRootLogin
nano /etc/ssh/sshd_config

disable-root-login.png

Restart SSHD Service

service sshd restart

Test Your SSH Connection To Ubuntu Linux Server

- With Root User

Now you can test connecting to the server with the root user from different terminal. You should receive the following message.

root-login-denied.png

- With New User

ssh your-new-user-name@your-ip-address

Conclusion

In this article we have shown how to disable the root user login and create a new user to connect to the remote linux server for improving the server's security.

Thank you for reading