SSH Security – How to Disable Remote Root Login

rootSecurityssh

How do I disable remote root login via ssh?

I want to log into my server (I use keys on my main comp) then su into root instead of access root directly.

I am using Debian. I follow guides online which say add PermitRootLogin no to the file and another mention Protocol 2. Then reset ssh. /etc/init.d/ssh restart. I did this and it did not work. I was able to log into root using putty.

How do I disable remote root login on Debian?

Best Answer

I'm going to take a guess on this one, but I'm pretty confident.

I bet there's a PermitRootLogin yes line already in your file. SSH will only use the first line it finds, and will ignore a duplicate further down. So if you just added PermitRootLogin no to the end of the file without removing the line above, there will be no effect.

Related Solutions

Ssh – Recommended way to login to root

to disable the root password, you need to lock the root account:

sudo passwd -l root
sudo chage -E-1 root

explanation:

the first line locks the root a/c, but also expires the password, meaning stuff might break (like the root crontab, for example!!). The second line sets the root password to "never expire", so that this doesn't happen, and so that you can still use sudo su for example.

Combine this with PermitRootLogin No in /etc/ssh/sshd_config, and you should be good to go.

SSH Issues – Can’t SSH into Remote Host with Root, Password Incorrect

Do you have ssh as root disabled? Check your sshd configuration (possibly /etc/ssh/sshd_config) and look for the line PermitRootLogin no. Change the no to yes and restart sshd (most likely either service ssh restart or service sshd restart).

Some distributions (e.g., Ubuntu) default to without-password for PermitRootLogin such that root login is allowed via public key authentication, but not with a password.

Best Answer

Related Solutions

Ssh – Recommended way to login to root

SSH Issues – Can’t SSH into Remote Host with Root, Password Incorrect

Related Question