How to Disable Direct Root Login

On a Linux server, root is the administrator of everything, the king of the hill. Root can do whatever he wants, whenever he wants. With full access and full privileges, root is the most powerful user on the server. While it may be convenient to login to your server as root and get to work, making it that easy presents a security risk you should not be willing to take.

The problem is that people who try to attack your server may use brute force attacks to gain entry. This technique involves using easily obtainable software to guess your server’s root password. When root logins are enabled, the attacker will have full control of your server once he guesses the password.

The solution is simple: disable root logins and instead give one user (your username) the ability to become root only after being logged in as the less-privileged user first. You can then use the “su” or “sudo” command to run programs that require root access.  To disable root logins in SSH, do the following:

1. Edit your sshd configuration file:

Example: nano -w /etc/ssh/sshd_config

2. Find the line labeled: “Protocol 2, 1
Change it to read “Protocol 2” only.

3. Next, find the line “PermitRootLogin yes” and change it to:
“PermitRootLogin no”

4. Save your changes and restart sshd with this command:

/etc/init.d/sshd restart
service sshd restart

You can then test the new settings to make sure you can no longer log in as root. That simple change will make your server safer.