How can I disable SSH login for a root user? (I am the account owner)

December 16, 2014 10.1k views
Jtowsk
By:
Jtowsk

How can I disable SSH login for a root user? (I am the account owner)

1 comment
1 Answer

You can disable root SSH login by editing /etc/ssh/sshd_config, setting PermitRootLogin to no, and then restarting ssh:

sudo service ssh restart
  • Thanks but I need to disable SSH for ONE root user, not all.

  • There is only one root user a typical linux system. If you want to disable SSH access for a specific user, add the following line to sshd_config and restart SSH:

    DenyUsers user1 user2 ...
    
  • I've added: PermitRootLogin no to /etc/ssh/sshd_config

    entered "sudo service ssh restart"

    but it is still allowing me to ssh root@myip

    i know this post is old, but can someone help me out here?

    • Are you still able to log in as root? With that setting, you will still be prompted for a password but it will never let you actually log in, even if you enter the correct one.

    • In your /etc/ssh/sshd_config navigate to the following section:

      # To disable tunneled clear text passwords, change to no here!
      #PasswordAuthentication yes
      #PermitEmptyPasswords no
      PasswordAuthentication yes
      

      Change the PasswordAuthentication default value from "yes" to "no"

      Now it should look like:

      
      # To disable tunneled clear text passwords, change to no here!
      #PasswordAuthentication yes
      #PermitEmptyPasswords no
      PasswordAuthentication no
      

      Save, exit and run the following command:

      systemctl restart sshd; systemctl status sshd
      
      

      Attempting to login as root will yield the following:

      Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
      
Have another answer? Share your knowledge.