As we all know, root SSH login is enabled by default in GNU/Linux. We can easily access our remote servers and manage them if they have any issues via SSH. But it is not advisable to allow directly login as root user via SSH, because anyone can brute force root password and will try to access your servers.

It’s better to have a separate user account and you can get root privileges by using su command if necessary. This handy tutorial will describe you how to disable root SSH login in GNU/Linux systems.

Disable SSH Root Login

Open up the SSH configuration file in any editor:

# nano /etc/ssh/sshd_config

Search for the line “PermitRootLogin” and change the value from yes to no:

[...]PermitRootLogin no[...]

Save and close the file. Restart sshd service to take effect the saved changes:

# /etc/init.d/ssh restart

Now try to login as root user from any client systems. You will an error message like below:

$ ssh root@192.168.1.200root@192.168.1.200's password: Permission denied, please try again.

This was done on my Debian 7 server. Some distributions may have the line “#PermitRootLogin no” in SSH configuration file, just uncomment it by removing the character #. After uncomment the line, it should look like below:

[...]PermitRootLogin no[...]

Limit SSH users

If your servers is having large number users, you can decide which can able to access the server via access. To do that open up the SSH configuration file:

# nano /etc/ssh/sshd_config

At the end of file add the line “AllowUsers”. Add the users separated by a space as shown below. For example here I added the users sk and senthil to access the servers via SSH:

[...]AllowUsers sk senthil[...]

Restart sshd service:

# /etc/init.d/ssh restart

Now try to login via SSH from some others except sk and senthil. For instance here I am going to access with user kumar:

$ ssh kumar@192.168.1.200kumar@192.168.1.200's password: Permission denied, please try again.

As you see above, I can’t access my Debian 7 server with user kumar including root user account too.

That’s it. Hope this will help you to secure your server a bit more.