Disable SSH Login for root in CentOS 8

Share on Social Media

Learn how to disable SSH login for the root user on CentOS 8 with our step-by-step guide. Enhance your server’s security by preventing direct root access over SSH. #centlinux #linux #ssh

What is SSH?

SSH, or Secure Shell, is a cryptographic network protocol used for securely operating network services over an unsecured network. The most common application of SSH is for remote login to computer systems by users. Here are the key aspects of SSH:

Key Features

Encryption: SSH provides strong encryption for data transmitted over the network, ensuring that any intercepted communications cannot be read by unauthorized parties.
Authentication: Supports multiple methods of authentication, including password-based login, public key authentication, and two-factor authentication.
Command Execution: Allows users to execute commands on a remote machine securely. This is particularly useful for administrative tasks and automation scripts.
Secure File Transfer: Includes protocols like SFTP (SSH File Transfer Protocol) and SCP (Secure Copy Protocol) for secure file transfer between machines.
Port Forwarding: Enables the forwarding of network ports, which can securely tunnel other protocols and services through an encrypted SSH connection.

Common Uses

Remote Administration: SSH is widely used by system administrators for remote management of servers and network devices.
Secure File Transfers: Facilitates secure file transfers between computers using SFTP and SCP.
Tunneling and Port Forwarding: Used to tunnel other network services securely through an encrypted connection, often used to bypass firewalls or secure otherwise insecure protocols.
Automated Scripts: Enables running automated scripts for routine administrative tasks on remote servers.

Disable ssh login for root — Disable SSH Login for root in CentOS 8

How SSH Works

Client-Server Model:

SSH operates on a client-server model. The SSH client initiates a connection to the SSH server.
The server listens for incoming connections on a designated port (default is port 22).

Authentication Process:

The client and server authenticate each other using various methods such as passwords, public key authentication, or Kerberos.
Once authenticated, an encrypted session is established.

Session Encryption:

After authentication, all data exchanged between the client and server is encrypted, ensuring privacy and data integrity.

Security Benefits

Prevents Eavesdropping:

The encrypted communication ensures that any data intercepted by a third party cannot be understood.

Protects Against Man-in-the-Middle Attacks:

SSH verifies the identity of the server, preventing attackers from intercepting or tampering with the data.

Enhances Access Control:

By disabling root login over SSH and using key-based authentication, SSH enhances access control and reduces the risk of unauthorized access.

Summary

SSH is a fundamental tool for secure remote administration, encrypted file transfers, and tunneling network services. Its robust encryption and authentication mechanisms make it a preferred choice for securely managing and accessing remote systems.

Recommended Training: Complete Linux Training Course to Get Your Dream IT Job 2025 from Imran Afzal

Problem Definition

SSH provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. The standard TCP port for SSH is 22 but we can configure SSH on a non-default port. SSH is generally used to access Unix-like operating systems, but it can also be used on Microsoft Windows. Windows 10 uses OpenSSH as its default SSH client and SSH server.

Since, root is the Superuser in Linux and remote ssh login facility makes it the prime target for hackers. Hackers uses brute force or dictionary attack techniques to guess the password of root user.

In CentOS 8 / RHEL 8 default settings, root user is allowed to login at the SSH server by using a SSH client. Therefore, it is always advisable by the security experts to disable the root ssh logins on the Linux servers before making it live.

Environment Specification

We are using a minimal CentOS 8 virtual machine with following specification.

CPU – 3.4 Ghz (2 cores)
Memory – 2 GB
Storage – 20 GB
Operating System – CentOS Linux 8.2
Hostname – ssh-server-01.centlinux.com
IP Address – 192.168.116.206 /24

Charger for MacBook Air MacBook Pro 13 14 15 16 inch 2025 2024 2023 2022 2021 2020, M1 M2 M3 M4 Laptop 70W USB C Power Adapter, iPad, LED, 6.6FT USB-C Cable, Charging as Fast as Original Quality

(4272)

$27.99 (as of May 18, 2025 16:20 GMT +00:00 – )

Create an Admin User in CentOS 8

Connect with ssh-server-01.centlinux.com as root user by using a SSH client.

You are going to disable SSH login for root, therefore, you will need another user to access the server machine via SSH.

Although, you can use a normal user for this purpose. But we recommend that you should create an Admin user so you can perform administrative tasks from this user account as well.

adduser -u 1001 -G wheel mansoor

Set the password of Admin user by using following command.

echo "Str@ngPa55w0rd" | passwd --stdin mansoor

Output:

Changing password for user mansoor.
passwd: all authentication tokens updated successfully.

Configuration files for SSH client/server are located in /etc/ssh directory.

Edit the SSH server configuration file by using vim editor.

vi /etc/ssh/sshd_config

Locate following directives in this file.

PermitRootLogin yes

Update this directive as follows to disable SSH login for root.

PermitRootLogin no

Restart sshd service to take changes into effect.

systemctl restart sshd.service

Now, disconnect from ssh-server-01.centlinux.com and try to connect again as root user.

ssh root@ssh-server-01

Although, we are providing the same password, but we are unable to login.

Try again with the newly created admin user.

ssh mansoor@ssh-server-01

We have successfully login to ssh-server-01.centlinux.com.

Now, we can switch to root user.

su -

So, you can still access the root user account, but disabling the SSH root logins reduces the risk of hacking attempts on your Linux server.

The Ultimate Kali Linux Book: Harness Nmap, Metasploit, Aircrack-ng, and Empire for cutting-edge pentesting

(76)

$38.09 (as of May 18, 2025 16:20 GMT +00:00 – )

Frequently Asked Questions (FAQs)

Why should I disable root SSH logins in CentOS 8?
Disabling root SSH logins enhances security by preventing direct access to the root account, reducing the risk of brute-force attacks.

How do I disable root SSH logins in CentOS 8?
Edit the SSH configuration file (/etc/ssh/sshd_config), set PermitRootLogin no, and restart the SSH service using systemctl restart sshd.

Can I still gain root access after disabling root SSH login?
Yes, you can log in as a regular user and use sudo or su to gain root privileges.

What happens if I disable root SSH login but don’t have another user?
You may lock yourself out of the server. Always create a non-root user with sudo privileges before disabling root SSH logins.

How do I verify that root SSH login is disabled?
Try logging in as root via SSH; if configured correctly, access will be denied. You can also check using grep PermitRootLogin /etc/ssh/sshd_config.

Conclusion

In this article, you have learned how to disable SSH login for root on CentOS 8. If you are having difficulty understanding the commands used in this guide, then there is a good book for you.

Need a dependable Linux system administrator? I specialize in managing, optimizing, and securing Linux servers to keep your operations running flawlessly. Check out my services on Fiverr!