First, we will see how to disable SSH root login and then we will also see how to enable it again:
- First, open the main configuration file of SSH, /etc/ssh/sshd_config, in any editor:
sudo nano /etc/ssh/sshd_config
- Now look for the line that reads as follows:
PermitRootLogin yes
- Change the value yes to no. Then save and close the file:
PermitRootLogin no
- Once done, restart the SSH daemon service using the following command:
- Now let's try to log in as root. We should get an error:
"Permission Denied"
This is because the root login has been disabled:
- Now whenever we want to log in as root, first we will have to log in as a normal user. And after that, we can use the su command and switch to the root user. So, the user accounts that are not listed in the /etc/sudoers file will not be able to switch to root user and the system will be more secure:
- Now if we want to enable SSH root login again, we just need to edit the /etc/ssh/sshd_config file again and change the no option to yes:
PermitRootLogin yes
- Then restart the service again by using the following command:
- Now if we try to log in as root again, it will work:
