Vivek Kaushik
Vivek's Blog

Vivek's Blog

Disable Root And Password Login via SSH

Disable Root And Password Login via SSH

Vivek Kaushik's photo
Vivek Kaushik

Published on Mar 26, 2021

2 min read

I shouldn't need to tell you why login as root via SSH can be dangerous. If somebody (hacker/unwanted person) were to get into your server and they have root access, that can be a sign of trouble. You see with root access they can do virtually anything. So disabling root access can be a good move for your server security.

In order to disable root login, you must first ensure that there is a normal user account available for you to log in after root login is disabled.

Creating a new user

sudo adduser "username"

Change the username with the desired username for your new user. Also, don't apply quotes. After executing the command you'll be presented with a form asking for the user's information, just enter whatever you want.

Now that the user is created, open the /etc/ssh/sshd_config inside your favourite text editor.

sudo nano /etc/ssh/sshd_config

In this file under Authentication, you'll find PermitRootLogin you need to change it's value to no.

PermitRootLogin no

In case you also want to disable password-based authentication as well, you can also change the PasswordAuthentication to no

PasswordAuthentication no

But make sure you've set up ssh key-based authentication before disabling PasswordAuthentication. I'll link up the article here for setting up ssh-key-based authentication.

Now, you need to restart your SSH service.

sudo service ssh restart
 
Share this