How can I disable SSH login for a root user? (I am the account owner)
How can I disable SSH login for a root user? (I am the account owner)
2 Answers
You can disable root SSH login by editing /etc/ssh/sshd_config, setting PermitRootLogin to no, and then restarting ssh:
sudo service ssh restart
-
-
There is only one root user a typical linux system. If you want to disable SSH access for a specific user, add the following line to
sshd_configand restart SSH:DenyUsers user1 user2 ... -
I’ve added: PermitRootLogin no to /etc/ssh/sshd_config
entered “sudo service ssh restart”
but it is still allowing me to ssh root@myip
i know this post is old, but can someone help me out here?
-
Are you still able to log in as root? With that setting, you will still be prompted for a password but it will never let you actually log in, even if you enter the correct one.
-
In your /etc/ssh/sshd_config navigate to the following section:
# To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication yesChange the PasswordAuthentication default value from “yes” to “no”
Now it should look like:
# To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication noSave, exit and run the following command:
systemctl restart sshd; systemctl status sshdAttempting to login as root will yield the following:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).-
Those are instructions for preventing password based SSH access for ALL users. That is very different from preventing one user “root” from being able to login via ssh.
-
-
Allow only certain users to ssh
- Edit this file: /etc/ssh/sshd_config
- At the bottom write: AllowUsers <your name>@<your ip address> ie. AllowUsers henry@173.58.33.1
Have another answer? Share your knowledge.
Add a line to your ssh config file:
/etc/ssh/sshd_config