In this blog, we learn about Disable SSH Root Login in Linux.
In every type of server attack, the Root User account is the primary target first by the hackers and crackers via SSH under Linux. To implement better security on the server, we need to disable the SSH Root Account and change the default SSH Port(22) to harden the security. This is also an important part of the Linux server hardening topic.
We need to login on to a remote server with the normal user account which has root privileges.
- Linux Web Server
- A User with sudo privileges.
We are going to edit a single file to achieve both our objectives.
- Disable root user to access ssh
- Change ssh port to non-default
To disable the SSH Root account and change the default SSH port, first log in to your server with a normal account with root privileges by issuing with
sudo su command.
Now edit the main configuration file of the SSH with your favorite editor, In most of the Linux distributions the configuration file is present at
1. Edit the config file
Now search for the line
PermitRootLogin and update the line to
PermitRootLogin no. In some Linux Distributions, the
PermitRootLogin is preceded by the
# symbol which shows that the line is a comment. In this case, remove the
# symbol and set the
PermitRootLogin line to
If you want to allow password authentication for some users adds the below line at the end of the file.
Match User username PasswordAuthentication yes
username with the desired username which you want to allow for password authentication.
Now change the default SSH port(22) to a random port. Search the line that have
Port 22and update it with your desired port except (0 To 1023) as these are reserved ports. In some Linux Distributions
Port 22 is preceded by the
# symbol which shows that the line is comment. In this case, remove the # symbol and set the default 22 port to your desired port.
2. Restart SSHD service
Save and exit the file. Restart the
systemctl restart sshd
Note :- Never logout from the server after making these changes. First, Test the configurations in the new terminal. The server will block you if your ssh configuration is not proper. So make sure you are changing or updating it properly.
To test the configuration, Try to login with the root user and the normal user with the port you have changed.
While logging with the root user it will show an error
Permission denied then try to log in with the normal user if it successfully login with the normal user then the configuration you have done is successfully applied.
We have gone through the tutorial to understand what changes we need to make in the SSH configuration. We have learned how to disable root user ssh access and how to change ssh port to non-default. It will harden your server security to further next level. Now you can also change ssh port and secure your server.
If you guys face any problem with this Disable SSH Root Login in Linux tutorial, just comment.