Ubuntu: Unable to disable ssh root login [duplicate]



Question:

This question already has an answer here:

Unable to disable root login on Ubuntu 14.10

  1. login as root
  2. vi /etc/ssh/ssh_config
  3. PermitRootLogin line is not here so i add it
  4. service ssh restart
  5. root login still works.

I even restarted the server and I'm still able to login in as root...
I also added a new user before i did all this.
Am I missing a step?


Solution:1

PermitRootLogin is an sshd (the daemon) setting, not an ssh (the client) setting. It should go into /etc/ssh/sshd_config, where I'm reasonably certain you'll find a PermitRootLogin line.


Solution:2

Just wanted to put this out there since on a normal iso install root account is disabled (unless maybe you enabled it)

I'm going to assume you didn't and you're using a cloud based service like maybe Digital Ocean, as they have root enabled unless you setup a key.

If this is the case, as I also use digital ocean, I find it is sometimes easier to allow root login, but restrict access by ip address.

In this way, if you're doing something where you definitely need root access, you can save some time by logging into root rather than your user account and then using sudo and having to put your password in again.

This is also done in /etc/ssh/sshd_config

At the bottom of the file add the line

AllowUsers root@youripaddress   

Or if I'm way off base here and you enabled the root account you can also limit access by local address only.

AllowUsers root@192.168.1.100  

Or you can allow any computer access on your LAN

AllowUsers root@192.168.1.x  

If you do go this route, you may also want to define your regular user as well, cause I think if you setup AllowUsers and don't include that user it won't let you connect. So as an example, let's say you want to allow root access from xxx.xxx.x.xx, but allow user fer access from anywhere, the setting would look like

AllowUsers root@xxx.xxx.x.xx fer@*  

@* means from anywhere

You can also DenyUsers much in the same way to prevent certain users ssh access.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »