To disable root login, open the main ssh configuration file /etc/ssh/sshd_config with your choice of editor.
# vi /etc/ssh/sshd_config
Search for the following line in the file.
#PermitRootLogin no
Remove the ‘#‘ from the beginning of the line. Make the line look like similar to this.
PermitRootLogin no
Next, we need to restart the SSH daemon service.
# /etc/init.d/sshd restart
Now try to login with root user, you will get “Access Denied” error.
login as: root Access denied [email protected]'s password:
So, from now onwards login as normal user and then use ‘su’ command to switch to root user.
login as: zetservers Access denied [email protected]'s password: Last login: Tue Oct 16 17:37:56 2012 from 172.16.25.125 [zetservers@zetservers ~]$ su - Password: [root@zetservers ~]#
Enable SSH Root Login
To enable ssh root logging, open the file /etc/ssh/sshd_config.
# vi /etc/ssh/sshd_config
Search for the following line and put the ‘#‘ at the beginning and save the file.
# PermitRootLogin no
Restart the sshd service.
# /etc/init.d/sshd restart
Now try to login with root user.
login as: root Access denied [email protected]'s password: Last login: Tue Nov 20 16:51:41 2012 from 172.16.25.125 [root@zetservers ~]#
Limit SSH User Logins
If you have large number of user accounts on the systems, then it makes sense that we limit remote access to those users who really need it. Open the /etc/ssh/sshd_config file.
# vi /etc/ssh/sshd_config
Add an AllowUsers line at the bottom of the file with a space separated by list of usernames. For example, user zetservers and sheena both have access to remote ssh.
AllowUsers zetservers sheena
Now restart ssh service.