Before you disable root logins you should add an administrative user that can ssh into the server and become root with su.
- First, you will need to add the user. In the following example we will use the user name “admin”. The command adduser will automatically create the user, initial group, and home directory. We will then specify that we want to add admin to the “wheel” group. For this example, use the following command:
sudo adduser admin && sudo usermod -aG wheel admin
To review the group parameters for the user:
id admin
To view the content of the /home directory made for the user you’ve just created:
ls -lad /home/admin/
- Now that the user “admin” been created, we need to set their password using the passwd command. When prompted, type and then retype the password.
passwd admin
- Next, ssh to the server with the new admin user and ensure that the login works.
ssh admin
- Now, verify that you can su (switch user) to root with the admin user.
sudo su
And to confirm that you are now working as the root user, use the following command:
whoami
- Edit /etc/ssh/sshd_config with your favorite text editor and change “PermitRootLogin yes” to “PermitRootLogin no”.
nano /etc/ssh/sshd_config
- Finally, restart the service with either:
systemctl restart sshd
or
service sshd restart
