I shouldn't need to tell you why logging in as root via SSH can be dangerous. If somebody (a hacker or other unwanted person) gets into your server with root access, you are in trouble: with root access they can do virtually anything. So disabling root login over SSH can be a good move for your server's security.
In order to disable root login, you must first ensure that there is a normal user account available for you to log in after root login is disabled.
Creating a new user
sudo adduser "username"
Replace username with the desired username for your new user, and leave out the quotes. After executing the command you'll be presented with a form asking for the user's information; just enter whatever you want.
Now that the user is created, open /etc/ssh/sshd_config in your favourite text editor.
sudo nano /etc/ssh/sshd_config
In this file, under Authentication, you'll find PermitRootLogin. Change its value to no.
PermitRootLogin no
If you also want to disable password-based authentication, change PasswordAuthentication to no as well.
PasswordAuthentication no
But make sure you've set up SSH key-based authentication before disabling PasswordAuthentication. I'll link up the article here for setting up SSH key-based authentication.
Now, you need to restart your SSH service.
sudo service ssh restart
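Before restarting, it is worth confirming that the two edits above actually take effect. The script below is an added example, not part of the original article: its function names and the sample config are constructed for illustration, and it reads only the global section of a single file (Include files are not followed).

```shell
#!/bin/sh
# Added example (not from the original article). sshd uses the FIRST value it
# obtains for a keyword, so a "PermitRootLogin no" placed below an earlier
# "PermitRootLogin yes" changes nothing. Include files are not followed here.

# effective_sshd_value FILE KEYWORD -> prints the global value, or "unset"
effective_sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]/)         # keyword ends at blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val); gsub(/"/, "", val)
            if (key == "match") exit          # Match blocks end the global part
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# check_ssh_hardening FILE -> status 0 only if both keywords resolve to "no"
check_ssh_hardening() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(effective_sshd_value "$1" "$kw")
        if [ "$v" = "no" ]; then echo "OK    $kw $v"
        else echo "WARN  $kw is '$v' (expected no)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample config (not a real server file): the edit was appended
# at the bottom, but an earlier uncommented line still wins.
demo=$(mktemp)
cat > "$demo" <<'EOF'
PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication no
PermitRootLogin no
EOF
check_ssh_hardening "$demo" || echo "fix the config before restarting ssh"
rm -f "$demo"
```

On a live host, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the effective configuration, including any Include files; keep your current SSH session open until a second login with the new user succeeds.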