root is the superuser and has full access to Linux and other Unix-based operating systems. Logging in as the root user via SSH for system administration is a big convenience but comes with big security implications. A compromised root account will give an attacker full access to your server. This could be caused by bots that routinely brute-force SSH accounts, or by a leaked password or private key of the root user. It is therefore advised to only allow normal user login to a system via SSH and configure sudo access for the user to perform administrative tasks.
$ ssh [email protected]
The authenticity of host 'example.com (192.168.111.146)' can't be established.
ECDSA key fingerprint is SHA256:dPiDHZPOKKNaz/RgHHaxkexY7L1h1EFcfa5UJUi2s48.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'example.com,192.168.111.146' (ECDSA) to the list of known hosts.
[email protected]'s password:
Permission denied, please try again.
Some systems disable root login by default and others do not. You can enable or disable root user login to your SSH server by configuring the PermitRootLogin directive in the sshd configuration on your
Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password, forced-commands-only, or no. The default is prohibit-password.
Make sure you already have a normal user with SSH and preferably sudo access to the system before preventing
root access to the normal user via sudo (optional, if required).
Open the sshd configuration file using your favourite text editor.
$ sudo vi /etc/ssh/sshd_config
[sudo] password for user:
Find the PermitRootLogin directive and set the option to
Add the line if it doesn't already exist, and remove the # at the beginning of the line if one exists.
$ sudo systemctl restart sshd
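The steps above do not confirm which PermitRootLogin value sshd will actually use after the edit. The script below is an added example, not part of the original page: it reads a config file and reports the global value, applying sshd's rule that the first value read for a keyword wins. The function names are hypothetical, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value a config file yields.
# Assumptions: Include files and Match blocks are not evaluated here.

effective_permit_root_login() {
    # sshd keeps the FIRST value it reads for a keyword, so a later
    # "PermitRootLogin no" does not override an earlier "yes".
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        { sub(/=/, " "); key = tolower($1) }  # "key=value" form; keys ignore case
        key == "match" { exit }               # global section ends at first Match
        key == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "prohibit-password" }  # default per sshd_config(5)
    ' "$1"
}

check_root_login() {
    value=$(effective_permit_root_login "$1")
    case "$value" in
        no) echo "OK: root login over SSH is disabled"; return 0 ;;
        prohibit-password|forced-commands-only)
            echo "WARN: root can still log in with a key ($value)"; return 1 ;;
        *)  echo "FAIL: PermitRootLogin is '$value'"; return 2 ;;
    esac
}

# Constructed sample: the commented line is ignored and the first active
# directive wins, so the trailing "PermitRootLogin no" has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
permitrootlogin yes
PasswordAuthentication no
PermitRootLogin no
EOF
check_root_login "$sample" || true   # FAIL: PermitRootLogin is 'yes'
rm -f "$sample"
```

On the server itself, `sudo sshd -t` validates the file before the restart, and `sudo sshd -T` prints the configuration sshd actually resolves, Include files included.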
|Red Hat Enterprise Linux|
|SUSE Linux Enterprise Server|