How can I disable SSH login for a root user? (I am the account owner)

December 16, 2014 10.1k views
Jtowsk
By:
Jtowsk

How can I disable SSH login for a root user? (I am the account owner)

1 comment
Log In to Comment
1 Answer
kamaln7 MOD December 16, 2014

You can disable root SSH login by editing /etc/ssh/sshd_config, setting PermitRootLogin to no, and then restarting ssh:

sudo service ssh restart
Reply
  • Jtowsk December 16, 2014

    Thanks but I need to disable SSH for ONE root user, not all.

  • kamaln7 MOD December 16, 2014

    There is only one root user a typical linux system. If you want to disable SSH access for a specific user, add the following line to sshd_config and restart SSH:

    DenyUsers user1 user2 ...
  • optimusprime April 20, 2018

    I've added: PermitRootLogin no to /etc/ssh/sshd_config

    entered "sudo service ssh restart"

    but it is still allowing me to ssh root@myip

    i know this post is old, but can someone help me out here?

    • kamaln7 MOD April 22, 2018

      Are you still able to log in as root? With that setting, you will still be prompted for a password but it will never let you actually log in, even if you enter the correct one.

    • tomsantic about 23 hours ago

      In your /etc/ssh/sshd_config navigate to the following section:

      # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

      Change the PasswordAuthentication default value from "yes" to "no"

      Now it should look like:

      
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no

      Save, exit and run the following command:

      systemctl restart sshd; systemctl status sshd

      Attempting to login as root will yield the following:

      Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Have another answer? Share your knowledge.