How to enable or disable root login in SSH

root is a superuser whereas it has full access to Linux or other Unix-based operating systems. Logging in as the root user via SSH for system administration is a big convenience but comes with big security implication.

A compromised root account will give an attacker full access to your server. This could be caused by bots that would normally brute force root SSH account or leaked password / private key of the root user. It is therefore advised to only allow normal user login to a system via SSH and configure sudo access for the user to perform administrative tasks.

$ ssh [email protected]
The authenticity of host 'example.com (192.168.111.146)' can't be established.
ECDSA key fingerprint is SHA256:dPiDHZPOKKNaz/RgHHaxkexY7L1h1EFcfa5UJUi2s48.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'example.com,192.168.111.146' (ECDSA) to the list of known hosts.
[email protected]'s password:
Permission denied, please try again.

Some systems disable root login by default and some other does not. You can enable or disable root user login to your SSH server by configuring PermitRootLogin directive on SSHd configuration on your SSH server.

1. Configure root access to the normal user via sudo (optional, if required).
2. Launch your preferred terminal application.
3. Open sshd configuration file using favourite text editor.

   $ sudo vi /etc/ssh/sshd_config
   [sudo] password for user:

4. Search for PermitRootLogin directive and set the option to no to disallow root login and yes to allow.

   PermitRootLogin no

   Add the line if it doesn't already exist and remove the # at the beginning of the line if exists.

5. Reload or restart SSH server service.

   $ sudo systemctl restart sshd

   How to start, restart and stop SSH service