Disable SSH Root Login

So far, I have installed the SSH client (PuTTY) and the Webmin control panel on my local computer. These two basic tools should be enough to administer the Linux server remotely. It is now time to consider disabling SSH root login on the Linux server.

What Does Disabling SSH Root Login Mean?

It simply means not allowing the root user to log in to the Linux server directly. In other words, only the admin user is allowed to log in to the Linux server. If the admin user needs to switch to the root superuser to do something, he can use the "su -" command. Therefore, two separate passwords are required:

  1. admin user password
  2. root user password

Why Disable SSH Root Login?

As you may have noticed, I logged in to my Linux server as root through SSH (PuTTY) and Webmin in previous articles. Logging in to the server directly with the root account is a major security issue.

Why? Because:

  • other staff behind me may see the password,
  • hackers may use software to guess the root password. However, if SSH root login is disabled, the hackers are forced to guess two separate passwords to gain root access.

Note:

  • It is also better to force the use of SSH protocol 2, a newer and more secure SSH protocol.
  • If your Linux server is using cPanel, make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root; otherwise you may lock yourself out of root.

    cPanel wheel group
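
A pre-flight check for the points above, as an added example that is not from the original article: it reads an sshd_config for the PermitRootLogin and Protocol keywords and confirms the admin user is listed in the wheel group before root login is turned off. The function names, the user name admin and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check before
# disabling SSH root login. File paths are passed in so it can be tested.

# Effective global value of an sshd_config keyword. sshd uses the first
# occurrence of a keyword; keywords are case-insensitive. Match blocks are
# ignored here (assumption: the setting lives in the global section).
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v key="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# True if user $1 is listed as a member of group $2 in group file $3.
# Only supplementary membership (4th field) is checked.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }
    ' "$3"
}

# audit CONFIG ADMIN_USER GROUP_FILE: returns 0 only if every check passes.
audit() {
    rc=0
    root=$(sshd_value PermitRootLogin "$1")
    proto=$(sshd_value Protocol "$1")
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}'"; rc=1; fi
    case "$proto" in
        2)  echo "OK   Protocol 2" ;;
        "") echo "WARN Protocol not set; confirm this sshd defaults to protocol 2" ;;
        *)  echo "FAIL Protocol is '$proto'"; rc=1 ;;
    esac
    if in_group "$2" wheel "$3"; then echo "OK   $2 is in wheel"
    else echo "FAIL $2 is not in wheel; 'su -' may be refused"; rc=1; fi
    return $rc
}

# Constructed sample data, so the script runs without touching the real system.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Protocol 2' 'PermitRootLogin yes' > "$demo/sshd_config"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root' 'admin:x:500:' > "$demo/group"
audit "$demo/sshd_config" admin "$demo/group" || echo "=> do not restart sshd yet"
rm -rf "$demo"
```

On a real server, point audit at /etc/ssh/sshd_config and /etc/group with your own admin user name, and keep an existing root session open until a fresh admin login and 'su -' both work.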