How to Enable or Disable Root login via SSH


This post will cover how to enable (or disbale) Root login via SSH.

It’s always best practice that any machine on the internet not allow direct Root login via SSH.

To allow Root to log in, we need to update our sshd_config file located at /etc/ssh/sshd_config.

To update this file, we need to switch over to Root:

  1. [[email protected]~]$ su root
  2. Password:
  3. [[email protected] ~]#

Go to the /ect/ssh directory:

  1. [[email protected] ~]# cd /etc/ssh
  2. [[email protected] ssh]#

Now, let’s edit our sshd_config file using vi:

  1. [[email protected] ssh]# vi sshd_config

Look for the following section (about 1/3 of the way down):

  1. #LoginGraceTime 2m
  2. PermitRootLogin no

Hit “i” to insert and then change the value for PermitRootLogin from no to yes.

Hit Escape and then :wq! to save changes and close the file.

Finally, still as Root, we need to restart SSHD using /etc/init.d/sshd restart.

  1. [[email protected] ssh]# /etc/init.d/sshd restart
  2. Stopping sshd:                                             [  OK  ]
  3. Starting sshd:                                             [  OK  ]

Exit your session, open a new terminal and confirm you are now able to login as Root:

  1. login as: root
  2. [email protected]’s password:
  3. Last login: Mon Jun 28 16:21:53 2010
  4. [[email protected] ~]#

To prevent Root log in, simply set to (or change to) PermitRootLogin no in your sshd_config

Bookmark and Share