DEV Community

Anusha Kuppili

🔒 Disable Root SSH Login — Simple Step, Huge Security Win

If you're managing Linux servers in any capacity — production, staging, or internal — you need to ask yourself one thing:

Why is root allowed to SSH in directly?

Here’s the thing: direct root login over SSH is a security risk that’s just not worth it. It gives attackers a straight shot at the most powerful user on your system. That's why one of the first things I do when hardening servers is disable it.

Let’s break down how to do that cleanly and safely.

❗Why This Matters
Allowing root to log in over SSH is convenient, but it’s a massive attack surface:

Brute-force bots love targeting the root account

No accountability (you can’t tell who logged in)

One password = total compromise

By disabling root login:

You force users to authenticate with their own accounts

You get better visibility via sudo logs

You reduce your SSH attack surface by a mile

✅ How To Disable Root SSH Login

  1. SSH into your server as a non-root user:

     ssh your_user@your_server

  2. Open the SSH config file:

     sudo vi /etc/ssh/sshd_config

  3. Find this line:

     #PermitRootLogin yes

     Uncomment and change it to:

     PermitRootLogin no

  4. Save and exit, then restart SSH:

     sudo systemctl restart sshd

  5. Double-check it’s applied:

     sudo grep -i PermitRootLogin /etc/ssh/sshd_config
     PermitRootLogin no
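The grep in the last step also matches commented-out lines and cannot tell which of several PermitRootLogin lines sshd applies. The script below is an added example, not part of the original post: it reports the global value a single config file yields under sshd's first-value-wins rule. The function names and the sample file are constructed for illustration, and Include directives are not followed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# sshd uses the FIRST value it obtains for a keyword, so a later
# "PermitRootLogin no" cannot override an earlier "PermitRootLogin yes".

# Print the global PermitRootLogin value found in file $1, or "unset".
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # tolerate indentation
            split(line, f, /[ \t=]+/)           # "Key value" or "Key=value"
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "match") exit            # global section ends at first Match
            if (key == "permitrootlogin") { print f[2]; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit status 0 only when the effective global value is exactly "no".
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample: grep shows a "PermitRootLogin no" line, yet the
# earlier uncommented "yes" is the value sshd would apply.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

if root_login_disabled "$demo_conf"; then
    echo "OK: root login over SSH is disabled"
else
    echo "FAIL: effective PermitRootLogin is '$(effective_permit_root_login "$demo_conf")'"
fi
```

On a live host, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T | grep -i permitrootlogin` prints the value sshd actually resolved, including any Include'd drop-in files.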

🧠 Good To Know
Don’t lock yourself out — make sure your user has sudo access before doing this.

For larger environments, automate this with tools like Ansible or Terraform.

You can take it a step further by disabling password login entirely and switching to key-based auth.

🚀 Wrapping Up
Disabling SSH root login is one of those low-effort, high-impact security moves that should be standard across your entire infrastructure. It’s fast, it’s easy, and it adds a solid layer of protection.

If you haven’t done this yet — now’s the time.
