How to Disable SSH Root Login for Better Security

August 31, 2025 / Security and Backups

This article explains how to disable SSH root login for better security. Secure Shell, or SSH, is the most popular method for remotely accessing a Linux system. SSH is the default method of root account login, although this presents a significant security concern. Brute-force attacks are frequently used by attackers to target the root account. It is advised to use a regular user account with sudo powers and deactivate direct root login for better security.

Let us follow the steps:

  1. Firstly, create a new user with sudo rights to ensure you have another account with administrative privileges before disabling root login.
  2. Add a new user (replace ‘username’ with your choice)
    adduser username
  3.  Grant sudo privileges (distribution-specific)
    1. Ubuntu / Debian-based systems:
      usermod -aG sudo username
    2. RHEL / CentOS / AlmaLinux / Rocky Linux systems:
      usermod -aG wheel username

      Note:
      Ensure the user can run sudo commands successfully before disabling SSH root login.

  4. Edit the SSH daemon configuration file:
    sudo nano /etc/ssh/sshd_config
  5. Locate and update the ‘PermitRootLogin’ directive in the configuration file by finding the line:
    #PermitRootLogin yes

    Change it to:

    PermitRootLogin no

    If the line is commented out (#), remove the # and set the value to no.

  6. Apply the changes by restarting the SSH service:
    sudo systemctl restart ssh

    (On some distributions, the service may be called ‘sshd’ instead of ssh.)

  7. Open a new terminal, log in with your new user to confirm access, and then try logging in as root to ensure it is denied.

Additional SSH Security Tips: Use key-based authentication, change the default port, and enable tools like Fail2Ban to block repeated login attempts.

This way, you can greatly improve the security of your system by limiting the attack surface of your server and forcing authentication through a non-root account by turning off direct root login over SSH.

Important: Always verify sudo access with the new user before disabling SSH root login to avoid accidental loss of administrative access.

Disabled root login? Learn How to import an SSH key via root access

Spread the love