Trevor
Starfighter
  • 311 Views

Prevent Root Direct Login

How can I configure my Linux system to prevent direct SSH login to any user account that has superuser (root) privileges?

Trevor "Red Hat Evangelist" Chandler
rhnoname
Flight Engineer
  • 296 Views

In the /etc/ssh/sshd_config, set PermissionRootLogin to no.

Then reload the sshd service to apply the new configuration.

Best Regards
  • 278 Views

To prevent direct SSH login to user accounts with superuser (root) privileges:
1. Edit /etc/ssh/sshd_config:
    - PermitRootLogin no
    - DenyUsers root (or DenyGroups wheel)
2. Restart SSH service: sudo systemctl restart sshd

Tracy_Baker
Starfighter
  • 255 Views

You said any user with superuser privileges?

So you want a user, like bob, to not be able to log into system01 if bob can use the sudo and/or su commands on system01?

-----

I don't think you can do this - at least not from what your question implies. From what I can determine, preventing a user with superuser privileges from being able to log in using SSH requires that you know the user's name. If known, they can be added to the /etc/ssh/sshd_config file using the DenyUsers key:

DenyUsers bob jane joe tracy

The root user can be specifically denied by doing:

PermitRootLogin no

Then reload the SSH daemon: systemctl reload-or-restart sshd.service

-----

However, neither approach works with users that have superuser privileges whose name(s) is/are unknown.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
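
Added example, not part of any post in this thread: a shell audit of the gap described above, where a DenyUsers list only covers the names someone knew to add. It reads saved `sshd -T` output and an /etc/group-format file and prints the admin accounts sshd would still admit; the function names, the sample data and the choice of wheel as the admin group are assumptions.

```shell
#!/bin/sh
# Added example: list admin accounts that sshd would still let in.
#   $1 = saved output of `sshd -T` (effective config: keyword, then values)
#   $2 = group database in /etc/group format
#   $3 = admin group (assumption: sudo rights come from this group, default wheel)
# Simplification: negated (!) patterns are not interpreted.

# Print every value set for keyword $2 in file $1, one per line.
sshd_values() {
    awk -v key="$2" 'tolower($1) == key { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Print the supplementary members listed for group $2 in group file $1.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Print each account that is not blocked; print nothing when all are blocked.
ssh_reachable_admins() {
    conf=$1; grp=$2; admin=${3:-wheel}
    set -f  # deny patterns may contain * or ?; stop the shell expanding them
    # root is blocked only when PermitRootLogin is exactly "no"
    [ "$(sshd_values "$conf" permitrootlogin | head -n 1)" = no ] || echo root
    group_denied=no
    for g in $(sshd_values "$conf" denygroups); do
        case $admin in $g) group_denied=yes ;; esac
    done
    if [ "$group_denied" = no ]; then
        for u in $(group_members "$grp" "$admin"); do
            denied=no
            for pat in $(sshd_values "$conf" denyusers); do
                case $pat in *@*) continue ;; esac  # USER@HOST blocks one origin only
                case $u in $pat) denied=yes ;; esac
            done
            [ "$denied" = yes ] || echo "$u"
        done
    fi
    set +f
}

# Constructed sample data, using the names from the DenyUsers line in the thread.
tmp=$(mktemp -d)
printf '%s\n' 'permitrootlogin no' 'denyusers bob jane' > "$tmp/sshd_T.txt"
printf '%s\n' 'wheel:x:10:bob,jane,tracy' 'users:x:100:joe' > "$tmp/group"
ssh_reachable_admins "$tmp/sshd_T.txt" "$tmp/group" wheel   # prints: tracy
```

On a live host, feed it `sshd -T` output captured as root together with /etc/group. An empty result means root and every listed member of the admin group are denied.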
Trevor
Starfighter
  • 195 Views

You caught that - "any user"!!!

Trevor "Red Hat Evangelist" Chandler
Tracy_Baker
Starfighter
  • 180 Views

I teach my students to pay attention to the details, the least I can do is the same.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
abhidd
Flight Engineer
  • 230 Views

  1. Use SSH Key-Based Authentication Only:

You can restrict SSH access by requiring SSH keys for authentication and disabling password-based authentication altogether.

  1. In /etc/ssh/sshd_config, find and set: PasswordAuthentication no
  2. Restart the SSH service again:

This will enforce SSH key-based logins and prevent any password-based logins (including for users with sudo privileges).

  2. Disable Root Login via SSH:

Open the SSH configuration file (/etc/ssh/sshd_config) using a text editor like vi or nano:

Look for the PermitRootLogin directive. If it is not present, add the following line:

PermitRootLogin no

  • This will completely disable root login via SSH.

  • Save the file and exit the editor.

  • To apply the changes, restart the SSH service: sudo systemctl restart sshd

  3. Alternatively, you can create a rule in /etc/ssh/sshd_config to deny login to users with superuser privileges:

 

Gopinath_Pigili
Flight Engineer
  • 164 Views


Open the file “/etc/ssh/sshd_config” in any of your favorite text editors.
Find the section in the file containing the line with “#PermitRootLogin yes” in it.
Uncomment and change it to “PermitRootLogin no”.
Save the file and exit.
Restart the sshd service.

Thanks
