Securing SSH access is one of the simplest yet most effective ways to protect your Linux servers. By default, many servers allow root login via SSH, which can be risky. Disabling root login ensures that administrative access is only possible through non-root users with sudo privileges. Here’s a straightforward guide.
Step 1: Log in as a Non-Root User
Before disabling root login, make sure you have a non-root user with sudo privileges. For example, if you don’t already have one, you can create it like this:
sudo adduser yourusername
sudo usermod -aG sudo yourusername
Then log in using that user:
ssh yourusername@server_ip
Step 2: Edit the SSH Configuration
Open the SSH daemon configuration file:
sudo nano /etc/ssh/sshd_config
Look for the line:
#PermitRootLogin yes
Change it to:
PermitRootLogin no
This disables root login via SSH.
Step 3: Restart the SSH Service
After editing the configuration, restart SSH to apply the changes:
sudo systemctl restart sshd
On some systems (like Ubuntu/Debian), the service may be called ssh instead of sshd:
sudo systemctl restart ssh
Step 4: Verify Non-Root Access
Before closing your session, test that your non-root user can log in and use sudo:
ssh yourusername@server_ip
sudo whoami
It should return root. This confirms that administrative access is still available without using the root account.
Step 5: Optional Security Checks
For extra security, you can review recent login attempts to detect any failed root access:
sudo journalctl -u sshd | grep "root"
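The edit in Step 2 only takes effect if no file read earlier sets the same keyword, because sshd keeps the first value it reads for each keyword. The script below is an added example, not part of the original guide: it reports which PermitRootLogin value wins for a list of files passed in read order. The function names, the sample files, and the layout where a drop-in directory is read before the main file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# sshd keeps the FIRST value it reads for a keyword, so a file read before
# your edit wins. Pass the files in the order sshd reads them.
# Simplifications: Include lines are not expanded, and lines after a Match
# keyword are skipped for the rest of that file (they apply conditionally).
effective_permit_root_login() {
    awk '
        FNR == 1 { in_match = 0 }                 # each file starts in global scope
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }                     # skip comments and blank lines
        {
            if (match($0, /^[A-Za-z]+/) == 0) next
            kw   = tolower(substr($0, 1, RLENGTH))
            rest = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)      # "Keyword value" or "Keyword=value"
            if (kw == "match") { in_match = 1; next }
            if (in_match) next
            if (kw == "permitrootlogin") {
                split(rest, tok, /[ \t]+/)
                gsub(/"/, "", tok[1])
                print tolower(tok[1]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$@"
}

# Constructed sample files: a drop-in that re-enables root login, and a main
# file edited as in Step 2 (hypothetical file names).
make_sample() {
    dir=$1
    mkdir -p "$dir/sshd_config.d"
    printf '%s\n' '# constructed drop-in' 'PermitRootLogin yes' \
        > "$dir/sshd_config.d/50-cloud.conf"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        '#PermitRootLogin yes' 'PermitRootLogin no' \
        'Match User backup' '    PermitRootLogin yes' \
        > "$dir/sshd_config"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "main file only:     $(effective_permit_root_login "$tmp/sshd_config")"
echo "drop-in read first: $(effective_permit_root_login \
    "$tmp/sshd_config.d/50-cloud.conf" "$tmp/sshd_config")"
rm -rf "$tmp"
```

On a live server, `sudo sshd -t` checks the configuration for syntax errors before the restart in Step 3, and `sudo sshd -T | grep -i permitrootlogin` prints the value the daemon actually resolves.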
Conclusion
Disabling root login reduces the risk of brute-force attacks and limits the number of accounts attackers can target. Always make sure at least one non-root user has sudo privileges to manage the system safely.