How to disable SSH login for the root user

  1. Create a new user. In the following example, we will name it bob.

1
2
3
root# useradd -m bob
root# id bob
uid=1000(bob) gid=1000(bob) groupes=1000(bob)

  1. Set the password for the new user.

1
2
3
4
5
root# passwd bob
Changing password for user bob.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

  1. In order to add sudo permissions for the new user, add bob ALL=(ALL) ALL in /etc/sudoers or add bob in wheel group with usermod -a -G wheel bob.
  2. Try to connect SSH with bob user.

1
ssh [email protected]

  1. Verify you can switch user to root with bob.

1
bob$ sudo -i

  1. Disable root SSH login:
  • Edit # vim /etc/ssh/sshd_config
  • and change #PermitRootLogin yes into PermitRootLogin no.
  1. Now, we can restart SSH server.

1
root# systemctl restart sshd.service

Share