You can configure your
SSH server to not allow
root user to log in via
SSH. This could improve security in a few ways such as by minimising brute-force login by bots which would try to log in as the user
root user should exist in all
Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password, forced-commands-only, or no. The default is prohibit-password.
SSH implementation nowadays,
root is are not allowed to log in via username and password combination, but instead need to use other method such as public key. This could negate the bot brute force issue, but still doesn't provide traceability in a multi-user systems where many users could be logging in using the
root user and would make tracing back changes to a specific user system hard.
The better option is to create a user on the server for each person needing access, configure
sudo access to the user if necessary, and then to disable
SSH login for the
Disable root login in SSH:
rootaccess to the normal user via
sudo(optional, if required).
sshdconfiguration file using favourite text editor.
$ sudo vi /etc/ssh/sshd_config [sudo] password for user:
PermitRootLoginand set the option to
Add the line if it doesn't already exist and remove the
# at the beginning of the line if exists.
$ sudo systemctl restart sshd
|Red Hat Enterprise Linux|
|SUSE Linux Enterprise Server|
Comment anonymously. Login not required.