SSH Disable Direct Root Login – how can we do this? Find the steps given below.
Note: Please do not log out from your system after disabling the direct root login. Otherwise, it will be hard for you to get access back. Please be careful.
The root user has permission to do anything on your system. Everyone knows root is the default user with full administrative privileges in Linux, so it’s always a good security practice to disable direct root login.
Edit the SSH main configuration file.
vi /etc/ssh/sshd_config
Find the line below.
#PermitRootLogin yes
Change it as shown below, removing the leading # so the line is no longer a comment.
PermitRootLogin no
Restart SSH to apply the changes.
/etc/init.d/sshd restart
That’s it!! You have disabled the direct root login. If you don’t have another user with administrative privileges, then please don’t exit the shell. Follow the steps mentioned in the article to create a dedicated SSH user with sudo privileges – SSH Deny All Users Except One
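A check for the edit described above, as an added example that is not part of the original article: it reads a copy of sshd_config and reports the PermitRootLogin value that actually applies, since sshd keeps the first value it reads for a keyword and a Match block can turn root login back on. The function names and the sample file are constructed for illustration, and Include files are assumed not to be in use.

```shell
#!/bin/sh
# Added example, not from the original article. Parses a copy of sshd_config;
# Include files are not followed (assumption: single-file configuration).

# Value of PermitRootLogin in the global section of FILE ($1). sshd keeps the
# first value it reads for a keyword, keywords are case-insensitive, and lines
# beginning with '#' are comments. Prints "unset" if no active line exists.
effective_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# PermitRootLogin lines inside Match blocks that re-enable root for some
# users, hosts or addresses. Prints "line-number: text" for each one.
match_overrides() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "permitrootlogin" && tolower($2) != "no" {
            print NR ": " $0
        }
    ' "$1"
}

# Succeeds only when root login is off globally and no Match block undoes it.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ] && [ -z "$(match_overrides "$1")" ]
}

# Constructed sample: the edit was made, but an earlier line still says "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
permitrootlogin yes
#PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
EOF

echo "effective global value: $(effective_root_login "$sample")"
echo "Match overrides:"; match_overrides "$sample"
if root_login_disabled "$sample"; then echo "OK"; else echo "root login still possible"; fi
rm -f "$sample"
```

On the server itself, `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the configuration the daemon computes, which is the authoritative answer.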
I’d say everyone must do this and create a separate account to log in over SSH. After that, you can use sudo or switch to the root user. As I mentioned, everyone knows root is the default administrative user, and most brute-force attacks target the root user. You know what will happen if they get access to the root user.
There is one more thing – I have seen some guys who don’t even know how to use SSH but still must enable SSH and direct root login. If you are only using FTP and don’t know anything about SSH, it is recommended to set the shell of the SSH users to /sbin/nologin. This won’t affect FTP. You can still do all FTP operations and avoid all SSH-based attacks such as brute force. Please refer to the article – How to Disable Shell Access for a Linux User Account?