By default, many Linux distributions allow root login via SSH. Depending on your risk awareness, this might be a bad idea. Normally you should not work as root anyway, but use a dedicated user that administers the system. So why allow root to log in via SSH at all? For that reason it's a good idea to disable root login.
Furthermore, this prevents an attacker from brute-forcing your root account. Of course, an attack on an administrative account is bad as well, but it is not in the same category by far.
Disabling root login via SSH only requires configuring the SSH daemon. Open /etc/ssh/sshd_config and set the following configuration parameter in this file. If PermitRootLogin is not set, just add it to the sshd_config file.
PermitRootLogin no
After that, restart your SSH daemon via /etc/init.d/sshd restart or via service sshd restart, depending on your init system.
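The steps above as a script, added here as an example and not part of the original post. sshd uses the first value it reads for a keyword, so appending PermitRootLogin no below an existing "yes" (or below a Match block) changes nothing. The function names are hypothetical, the sample file is constructed, and the script assumes a single file with whitespace-separated "Keyword value" lines and no Include directives.

```shell
#!/bin/sh
# Added example: audit and fix PermitRootLogin in an sshd_config-style file.

# Print the global value sshd would use: the first uncommented PermitRootLogin
# before any Match block (sshd keeps the first value it reads for a keyword).
effective_root_login() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Rewrite FILE so exactly one global "PermitRootLogin no" remains, placed where
# the first global occurrence was, or before the first Match block, or at EOF.
# Settings inside Match blocks are left untouched.
disable_root_login() {
    tmp=$(mktemp) || return 1
    awk '
        tolower($1) == "match" {
            if (!fixed) print "PermitRootLogin no"
            fixed = in_match = 1
        }
        !in_match && tolower($1) == "permitrootlogin" {
            if (!fixed) print "PermitRootLogin no"
            fixed = 1
            next
        }
        { print }
        END { if (!fixed) print "PermitRootLogin no" }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed sample file (never touches /etc/ssh/sshd_config).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '#PermitRootLogin prohibit-password' 'permitrootlogin yes' \
        'Match User backup' '    X11Forwarding no' > "$f"
    echo 'PermitRootLogin no' >> "$f"   # naive append: lands inside the Match block
    echo "after naive append: $(effective_root_login "$f")"
    disable_root_login "$f"
    echo "after rewrite:      $(effective_root_login "$f")"
    rm -f "$f"
}
demo
```

On a real host, `sshd -t` checks the edited file for errors before the restart, and `sshd -T` prints the effective settings.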
Sources
- Security Tip: Disable Root SSH Login on Linux
- man sshd_config