Onjsdev

Share

Disable SSH Root Login On Linux Server

Disable SSH Root Login On Linux Server

By onjsdev

Dec 16th, 2023

Disabling SSH root login is a good security practice to improve the security of your Linux server. Here are the steps to disable root login via SSH

Before beginning, please note that this article will not cover generating a new SSH key. Ensure that you already have an SSH key and a connection to the server as the root user.

Connect To Your Linux Server With Root User

Connect to your server with the root user to create a new user.

ssh root@your-ip-address

Create New User

Now create a new user to perform operations on your server. When you run the following command, you will be asked to provide a password and extra informations, so follow the instructions on your terminal.

adduser your-new-user-name

Give Sudo Privileges To Your New User

sudo is a special group that have grant to execute command on your server without needing root user, so add your new user this group.

usermod -aG sudo  your-new-user-name

Introduce Your New User To Your Local Machine

Your local device doesn't regocnize the new user, so go to your local terminal and copy your public ssh key manually.

cat ~/.ssh/id_rsa.pub

Create .ssh File To Add Your SSH Key To Linux Server

On your remote linux server, switch the users and create a file to save ssh key copied on your local machine.

-- Switch Users
su your-new-user-name

-- Create a file to store the public ssh key.
sudo mkdir ~/.ssh

-- Open the file and paste your SSH key you copied in your local machine.
sudo nano ~/.ssh/authorized_keys

After pasting the ssh key, press control X, type y and press enter to save. Now you are able to connect to the server with root and the new user. But let's take a look at how to disable the root login.

Configure Your SSH Settings On Linux Server

Now you are ready to disable the root login. There is only a few steps to achieve. First, connect with the root user to the server

ssh root@your-ip-address

Open the config file in edit mode and set no to PermitRootLogin as shown image belowi

nano /etc/ssh/sshd_config

Disable SSH Root Login On Linux

Restart SSHD Service

To apply the changes, restart the SSH service. The command may vary depending on your Linux distribution:

service sshd restart

Test Your SSH Connection To Ubuntu Linux Server

Open a new terminal window and try to log in as both the root user and your new user.

- With Root User

You should see a message indicating that the root login is not allowed as shown below.

SSH Root Login Denied

- With Your New User

Now, check if you can connect to the server with your new user.

ssh your-new-user-name@your-ip-address

Conclusion

That's all. In this article we have shown how to disable the SSH root user login and create a new user to connect to the remote linux server for improving the server's security.

Thank you for reading