How to disable SSH login for the root user

  1. Create a new user. In the following example, we will name it bob.
1
2
3
root# useradd -m bob
root# id bob
uid=1000(bob) gid=1000(bob) groupes=1000(bob)
  1. Set the password for the new user.
1
2
3
4
5
root# passwd bob
Changing password for user bob.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
  1. In order to add sudo permissions for the new user, add bob ALL=(ALL) ALL in /etc/sudoers or add bob in wheel group with usermod -a -G wheel bob.
  2. Try to connect SSH with bob user.
1
ssh bob@localhost
  1. Verify you can switch user to root with bob.
1
bob$ sudo -i
  1. Disable root SSH login:
  • Edit # vim /etc/ssh/sshd_config
  • and change #PermitRootLogin yes into PermitRootLogin no.
  1. Now, we can restart SSH server.
1
root# systemctl restart sshd.service
Share