How can I disable SSH login for a root user? (I am the account owner)
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×You can disable root SSH login by editing /etc/ssh/sshd_config, setting PermitRootLogin to no, and then restarting ssh:
sudo service ssh restart
There is only one root user a typical linux system. If you want to disable SSH access for a specific user, add the following line to sshd_config and restart SSH:
DenyUsers user1 user2 ...
I’ve added: PermitRootLogin no to /etc/ssh/sshd_config
entered “sudo service ssh restart”
but it is still allowing me to ssh root@myip
i know this post is old, but can someone help me out here?
Are you still able to log in as root? With that setting, you will still be prompted for a password but it will never let you actually log in, even if you enter the correct one.
In your /etc/ssh/sshd_config navigate to the following section:
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
Change the PasswordAuthentication default value from “yes” to “no”
Now it should look like:
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
Save, exit and run the following command:
systemctl restart sshd; systemctl status sshd
Attempting to login as root will yield the following:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Those are instructions for preventing password based SSH access for ALL users. That is very different from preventing one user “root” from being able to login via ssh.
Allow only certain users to ssh
Add a line to your ssh config file:
/etc/ssh/sshd_config