How to Disable SSH Root Login in Linux

Posted by By Adam 2 years Ago
How to Disable SSH Root Login in Linux

In this blog, we learn about Disable SSH Root Login in Linux.

In every type of server attack, the Root User account is the primary target first by the hackers and crackers via SSH under Linux. To implement better security on the server, we need to disable the SSH Root Account and change the default SSH Port(22) to harden the security. This is also an important part of the Linux server hardening topic.

We need to login on to a remote server with the normal user account which has root privileges.

Read Also: How to Configure Apache Virtual Hosts on CentOS 8

Prerequisites

  • Linux Web Server
  • A User with sudo privileges.

We are going to edit a single file to achieve both our objectives.

  1. Disable root user to access ssh
  2. Change ssh port to non-default

To disable the SSH Root account and change the default SSH port, first log in to your server with a normal account with root privileges by issuing with sudo su command.

Now edit the main configuration file of the SSH with your favorite editor, In most of the Linux distributions the configuration file is present at /etc/ssh/sshd_config

1. Edit the config file

vim /etc/ssh/sshd_config

Now search for the line PermitRootLogin  and update the line to PermitRootLogin no. In some Linux Distributions, the PermitRootLogin is preceded by the # symbol which shows that the line is a comment. In this case, remove the # symbol and set the PermitRootLogin line to no.

How to Configure Apache Virtual Hosts on CentOS 8

If you want to allow password authentication for some users adds the below line at the end of the file.

Match User username
    PasswordAuthentication yes

Replace the username with the desired username which you want to allow for password authentication.

Now change the default SSH port(22) to a random port. Search the line that have Port 22and update it with your desired port except (0 To 1023) as these are reserved ports. In some Linux Distributions Port 22 is preceded by the # symbol which shows that the line is comment. In this case, remove the # symbol and set the default 22 port to your desired port.

How to Configure Apache Virtual Hosts on CentOS 8

2. Restart SSHD service

Save and exit the file. Restart the sshd service

systemctl restart sshd

Note :- Never logout from the server after making these changes. First, Test the configurations in the new terminal. The server will block you if your ssh configuration is not proper. So make sure you are changing or updating it properly.

To test the configuration, Try to login with the root user and the normal user with the port you have changed.

While logging with the root user it will show an error Permission denied then try to log in with the normal user if it successfully login with the normal user then the configuration you have done is successfully applied.

Conclusion

We have gone through the tutorial to understand what changes we need to make in the SSH configuration. We have learned how to disable root user ssh access and how to change ssh port to non-default. It will harden your server security to further next level. Now you can also change ssh port and secure your server.

If you guys face any problem with this Disable SSH Root Login in Linux tutorial, just comment.