Question

What is the effect of "PermitRootLogin no"?

I am reading the tutorial https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 and I want to clarify the use of PermitRootLogin no

If i apply this more restrictive setting, how can I ever log back in as root on a hosted server?

Will ssh work again with root? or is there a console with digitalocean and that will be the only way?

I want to be sure before I commit the irreparable…

thanks


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

As you said, PermitRootLogin no will disable the option to login in directly as root via SSH. This is a good practice. There are usually two other ways left to have root permissions though:

  • Using sudo. Once you login as a different user (for example “john”), if everything is set up correctly, you should be able to invoke sudo commands, which give you temporary root-like access. More on this can be found here - https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos - I’d personally recommend using PermitRootLogin no with disabled password authentication, which will only allow you to log in with SSH key.

  • Using console. Console is available via DO control panel, however, it’s mostly used only as a last resort, as it’s not very practical.

Another option would be to set PermitRootLogin without-password

In this case, it’s possible to log in as root, but only if using an authentication method other than passwords (e.g. SSH Key), it might be the best compromise between security and access for you