How to Disable SSH Root Login in Linux 9

In this Linux tutorial, you will learn how to disable SSH Root Login in Rocky Linux 9 or other Red Hat based Linux distributions. #centlinux #linux #ssh

What is SSH?

SSH stands for Secure Shell. It is a network protocol that provides a secure way for remote access and management of network devices and systems. It allows users to securely log in to a remote computer over a network, execute commands on the remote machine, and transfer files between the local and remote machines.

SSH encrypts all the data transmitted between the client and server, preventing any unauthorized access to the information. This makes it a secure and reliable method for remote access and management of network systems.

SSH uses a client-server model, where the client initiates a connection to the server, and both parties authenticate each other using digital certificates or passwords. Once the connection is established, the client can securely communicate with the server over the encrypted tunnel.

SSH is widely used for remote server administration, file transfers, and tunneling applications. It is supported by most operating systems, including Windows, Linux, and macOS.

Read Also: How to Disable SSH Login for root CentOS 8

What is SSH Root Login?

SSH root login refers to the ability to log in directly to a system as the root user using the SSH protocol. The root user is the superuser or administrative account in Unix-like operating systems, including Linux. It has unrestricted access to all files and commands on the system, making it extremely powerful and potentially dangerous if misused.

Enabling SSH root login means allowing direct access to the root account over a network using SSH. However, it is generally considered a security risk to allow SSH root login for several reasons:

1. Increased Vulnerability: Granting root access over SSH increases the risk of unauthorized access to the system. Attackers commonly target root accounts as they provide unrestricted control over the system.
2. Audit Trail: Allowing direct root login can make it difficult to track user activity and maintain an audit trail of administrative actions performed on the system. It’s preferable to have administrators log in with individual accounts and use sudo or su to perform administrative tasks.
3. Mitigation of Mistakes: Allowing direct root login increases the likelihood of accidental system changes or deletions. By requiring administrators to authenticate themselves with individual accounts before accessing root privileges, it adds an extra layer of protection against unintentional errors.

For these reasons, it’s recommended to disable SSH root login and instead use SSH key-based authentication or enforce the use of individual user accounts with sudo privileges for administrative tasks. This helps enhance the security posture of the system and mitigate the risk of unauthorized access or accidental damage.

Create a Linux Admin User

By using ssh command, login to your Rocky Linux server as root user.

# ssh root@192.168.116.128
The authenticity of host '192.168.116.128 (192.168.116.128)' can't be established.
ED25519 key fingerprint is SHA256:0HIa3JkQYbEmBNv/W6RyztUXEmxtgCheMZSSErNWi5E.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.116.128' (ED25519) to the list of known hosts.
root@192.168.116.128's password:
Last login: Thu May  4 08:40:40 2023 from 192.168.116.1

Create a Linux Admin user as an alternative to root user.

You can this new admin user for SSH sessions, after disabling the super-admin user.

Execute following commands at Linux terminal to create a Linux admin user and set a password for it.

# adduser ahmer
# passwd ahmer
Changing password for user ahmer.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Edit /etc/sudoers file by using vim text editor or you can execute visudo command to do the same.

# visudo

Add following line in this file to grant sudo permissions to your Admin user.

ahmer   ALL=(ALL)       ALL

Disable SSH Root Login

SSH configuration files are located in /etc/ssh directory.

Edit 01-permitrootlogin.conf file by using vim text editor. The file is already existed on a minimal installed Rocky Linux 9 operating system. For other Linux distributions you may need to create this file.

# vi /etc/ssh/sshd_config.d/01-permitrootlogin.conf

Locate and set following directive in this file.

PermitRootLogin no

Restart SSH Daemon to load configuration changes.

# systemctl restart sshd.service

Now, try to create a SSH session as root user.

# ssh root@192.168.116.128
root@192.168.116.128's password:
Permission denied, please try again.

A ‘Permission denied’ message confirms that the SSH root logins has been disabled successfully. However, you can still obtain a SSH Shell by using the alternate Admin user that you have created at the start of this tutorial.

Video to Disable SSH Root Login

Final Thoughts

In this Linux tutorial, you have learned how to disable SSH Root login on Rocky Linux 9 or other Red Hat based Linux distributions. If you are new to Linux command-line, then we suggest that you should attend online training: Linux command line for beginners