Your Webhosting Questions
Answered by the Webhosting Experts

How to Disable Direct Root Logins

Enabling root ssh login is a risky practice that can compromise the security of your system. Root SSH login allows anyone with the root password to access your system remotely and execute commands with full privileges. This can expose your system to brute force attacks, malware infections, data theft, and other threats. To prevent these risks, you should disable root SSH login and use a regular user account with sudo privileges instead.

Before proceeding, ensure that you have IPMI access or other credentials (With sudo privileges) to login to the server or you could be locking yourself out.

Disabling Direct Root Logins

To disable direct root login via SSH follow these steps:

  1. Within your server, use your editor of choice to open and edit the file /etc/ssh/sshd_config using the command nano, as shown below:
     
    nano /etc/ssh/sshd_config
     
    Screenshot showing the results of the nano /etc/ssh/sshd_config command.
     
  2. Next, the document will open and you will be required to find the line PermitRootLogin yes and change it to PermitRootLogin no. Note that if there is a # character before it, then the line does not take effect as it is commented out. To activate the line, remove the # character.
     
    Screenshot showing which line to edit in the /etc/ssh/sshd_config file.
     
  3. Once the change is complete, save the document, and exit.
     
  4. Now, for the changes to take effect, we need to restart the SSH service using the command systemctl restart sshd or service sshd restart, depending on your Linux distribution.
     
    Screenshot showing the results of the systemctl restart sshd command.

With the above steps finished, this now completes the task and no one can use your root credentials to login to your server remotely via SSH.

Need More Personalized Help?

If you have any further issues, questions, or would like some assistance checking on this or anything else, please reach out to us from your my.hivelocity.net account and provide your server credentials within the encrypted field for the best possible security and support.

If you are unable to reach your my.hivelocity.net account or if you are on the go, please reach out from your valid my.hivelocity.net account email to us here at: [email protected]. We are also available to you through our phone and live chat system 24/7/365.

Tags +
...