How can I disable SSH login for a root user? (I am the account owner)

December 16, 2014 11.8k views

How can I disable SSH login for a root user? (I am the account owner)

1 comment
1 Answer

You can disable root SSH login by editing /etc/ssh/sshd_config, setting PermitRootLogin to no, and then restarting ssh:

sudo service ssh restart
  • Thanks but I need to disable SSH for ONE root user, not all.

  • There is only one root user a typical linux system. If you want to disable SSH access for a specific user, add the following line to sshd_config and restart SSH:

    DenyUsers user1 user2 ...
    
  • I've added: PermitRootLogin no to /etc/ssh/sshd_config

    entered "sudo service ssh restart"

    but it is still allowing me to ssh root@myip

    i know this post is old, but can someone help me out here?

    • Are you still able to log in as root? With that setting, you will still be prompted for a password but it will never let you actually log in, even if you enter the correct one.

    • In your /etc/ssh/sshd_config navigate to the following section:

      # To disable tunneled clear text passwords, change to no here!
      #PasswordAuthentication yes
      #PermitEmptyPasswords no
      PasswordAuthentication yes
      

      Change the PasswordAuthentication default value from "yes" to "no"

      Now it should look like:

      
      # To disable tunneled clear text passwords, change to no here!
      #PasswordAuthentication yes
      #PermitEmptyPasswords no
      PasswordAuthentication no
      

      Save, exit and run the following command:

      systemctl restart sshd; systemctl status sshd
      
      

      Attempting to login as root will yield the following:

      Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
      
      • Those are instructions for preventing password based SSH access for ALL users. That is very different from preventing one user "root" from being able to login via ssh.

Have another answer? Share your knowledge.