In this blog, we learn about Disable SSH Root Login in Linux.
In every type of server attack, the Root User account is the primary target first by the hackers and crackers via SSH under Linux. To implement better security on the server, we need to disable the SSH Root Account and change the default SSH Port(22) to harden the security. This is also an important part of the Linux server hardening topic.
We need to login on to a remote server with the normal user account which has root privileges.
Read Also: How to Configure Apache Virtual Hosts on CentOS 8
Prerequisites
- Linux Web Server
- A User with sudo privileges.
We are going to edit a single file to achieve both our objectives.
- Disable root user to access ssh
- Change ssh port to non-default
To disable the SSH Root account and change the default SSH port, first log in to your server with a normal account with root privileges by issuing with sudo su
command.
Now edit the main configuration file of the SSH with your favorite editor, In most of the Linux distributions the configuration file is present at /etc/ssh/sshd_config
1. Edit the config file
vim /etc/ssh/sshd_config
Now search for the line PermitRootLogin
and update the line to PermitRootLogin no
. In some Linux Distributions, the PermitRootLogin
is preceded by the #
symbol which shows that the line is a comment. In this case, remove the #
symbol and set the PermitRootLogin
line to no
.
If you want to allow password authentication for some users adds the below line at the end of the file.
Match User username PasswordAuthentication yes
Replace the username
with the desired username which you want to allow for password authentication.
Now change the default SSH port(22) to a random port. Search the line that have Port 22
and update it with your desired port except (0 To 1023) as these are reserved ports. In some Linux Distributions Port 22
is preceded by the #
symbol which shows that the line is comment. In this case, remove the # symbol and set the default 22 port to your desired port.
2. Restart SSHD service
Save and exit the file. Restart the sshd
service
systemctl restart sshd
Note :-
Never logout from the server after making these changes. First, Test the configurations in the new terminal. The server will block you if your ssh configuration is not proper. So make sure you are changing or updating it properly.
To test the configuration, Try to login with the root user and the normal user with the port you have changed.
While logging with the root user it will show an error Permission denied
then try to log in with the normal user if it successfully login with the normal user then the configuration you have done is successfully applied.
Conclusion
We have gone through the tutorial to understand what changes we need to make in the SSH configuration. We have learned how to disable root user ssh access and how to change ssh port to non-default. It will harden your server security to further next level. Now you can also change ssh port and secure your server.
If you guys face any problem with this Disable SSH Root Login in Linux tutorial, just comment.
Leave a Reply