- Forums
- Linux Hosting
- Disable Root Account Login in SSH
This Short Tutorial Will Show You What Commands To Use To Disable Root User Login To A Ssh Terminal. Disabling Root Username In Sshd Is Easy With These Steps [1338], Last Updated: Sun Jul 05, 2020
Webune Support
Sat Feb 13, 2010
1 Comments
310 Visits
this short tutorial will show you what commands to use to disable root user login to a ssh terminal. this configuration will prevent users from login into SSH session using the root username. disabling root username in sshd is easy with these steps:
WARNING: it is IMPORTANT that you make sure before you continue with these steps that you either have created or create another user other than root so you can access your server through SSH. Otherwise, if you only have root username in your system, you will just lock yourself out from remotely accessing your server. Continue at your own RISK!!!login as superuser and edit the
/etc/ssh/sshd_config file
first thing we are going to do is to make a copy of the original sshd_config file just incase you mess up:
SHELL COMMAND:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config-bk
i will be using nano as my text editor, you can use your favorite if you want. like VI or pico. i like nano because its easy to use
SHELL COMMAND:
nano /etc/ssh/sshd_config
now uncomment the Protocol 2 line:
find:
#Protocol 2Change to:
Protocol 2now look for the PermitRootLogin configuration settings and change:
from:
PermitRootLogin yesto
PermitRootLogin nosave changes and exit the shell, it order for the changes to take affect you need to restart the sshd server with this command:
SHELL COMMAND:
/etc/rc.d/init.d/sshd restart
now quit the current shell session and start a new one, you should not be able to login as the root user anymore
NOTE: this was tested on a Redhat, Fedora, CentOS server
1. to make it more secured, you can also change the default port 22 to a different port, for example port 7892 when you open the sshd_config file, you can make the changes there
2. install denyhosts on your server:
http://denyhosts.sourceforge.net/faq.html#1_0
https://www.webune.com/forums/disable-root-account-login-in-ssh.html