Ubuntu – How to disable remote SSH login as root from a server

accountsremote accessrootserver

For security purposes my company wants me to not allow anyone to be able to log into our Ubuntu server as root remotely over SSH. We still want the root account to exist, we just do not want it to be able to be logged into remotely. How would I accomplish this?

Thank you very much in advance for your time.

Best Answer

I assume you meant logging in over SSH? Put the following line to /etc/ssh/sshd_config:

PermitRootLogin no

If you want to deny certain users from logging in, put this in the configuration file:

DenyUsers root

This takes the blacklisting approach. Whitelisting is generally preferable. If your company needs to allow the rob and admin users log in on the server, use the following configuration directive:

AllowUsers rob admin

After making configuration file changes, restart the ssh service using the command:

sudo service ssh restart

Related Solutions

Ubuntu – Create a new SSH user on Ubuntu Server

Edit (as root) /etc/ssh/sshd_config. Append the following to it:

Port 1234
PermitRootLogin no
AllowUsers jim

Port 1234 causes SSH to listen on port 1234. You can use any unused port from 1 to 65535. It's recommended to choose a privileged port (port 1-1024) which can only be used by root. If your SSH daemon stops working for some reason, a rogue application can't intercept the connection.

PermitRootLogin disallows direct root login.

AllowUsers jim allows user jim to login through SSH. If you do not have to login from everywhere, you can make this more secure by restricting jim to an IP address (replace 1.2.3.4 with your actual IP address):

AllowUsers jim@1.2.3.4

Changes to the configuration file /etc/ssh/sshd_config are not immediately applied, to reload the configuration, run:

sudo service ssh reload

Ubuntu – How to set up a server for SSH

If you already have ssh installed on the server and you can't connect from your home, probably you'll have to forward port 22 (or whatever port ssh is using) on the router.

Best Answer

Related Solutions

Ubuntu – Create a new SSH user on Ubuntu Server

Ubuntu – How to set up a server for SSH

Related Question