What this is
This procedure disables SSH login directly as root. You will log in with a normal user and use sudo for admin tasks.
What it is for
- Reduce brute-force attempts against the root account
- Improve auditability (each admin has their own account)
Prerequisites (DO NOT skip)
- You already have a working sudo user (test it first)
- SSH access, with one session kept open while you apply the changes
Step-by-step
Step 1) Confirm your sudo user works
sudo whoami
Expected output: root
Step 2) Edit SSH configuration
sudo nano /etc/ssh/sshd_config
Set (or add) this line:
PermitRootLogin no
What it does: Prevents root from logging in via SSH.
Step 3) Validate config
sudo sshd -t
Expected output: No output means OK.
Step 4) Restart SSH service
Ubuntu/Debian:
sudo systemctl restart ssh
RHEL-based:
sudo systemctl restart sshd
Step 5) Verify from a NEW terminal
Test normal user login:
ssh USERNAME@YOUR_SERVER_IP
Then test root login (should fail):
ssh root@YOUR_SERVER_IP
Expected output: Permission denied for root.
Warnings & notes
- Do not close your current session until you confirm new login works.
- Best practice: use SSH keys and disable password authentication later.
Final verification
sudo grep -n "^PermitRootLogin" /etc/ssh/sshd_config
Expected output: Shows PermitRootLogin no.
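The grep above reads only /etc/ssh/sshd_config, but sshd uses the first value it obtains for each keyword and expands Include lines in place, so a drop-in file included before your line can override it. The script below is an added example, not part of the original procedure: it resolves the value in that order on a constructed sample. The function names and the 10-image.conf drop-in are hypothetical, and it assumes the top-level file sits in the sshd configuration directory.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# walk FILE: print every global-scope PermitRootLogin value, in the order
# sshd meets them. Runs in a subshell so the cd and variables stay local.
walk() (
  cd "$SSHD_DIR" || exit 1            # relative Include paths resolve here
  while read -r key rest || [ -n "$key" ]; do
    case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in   # keywords ignore case
      include)
        # Include is expanded in place; $rest is unquoted so globs expand.
        for f in $rest; do
          if [ -f "$f" ]; then walk "$f"; fi
        done ;;
      match) break ;;                 # Match blocks are conditional: stop here
      permitrootlogin) printf '%s\n' "${rest%%[[:space:]]*}" ;;
    esac
  done < "$1"
)

# effective_root_login FILE: the first obtained value wins; with none set,
# the OpenSSH default (prohibit-password) applies.
effective_root_login() {
  SSHD_DIR=$(cd "$(dirname "$1")" && pwd) || return 1
  v=$(walk "$SSHD_DIR/$(basename "$1")" | sed -n '1p')
  printf '%s\n' "${v:-prohibit-password}"
}

# Constructed sample: the main file says "no", but a drop-in that is
# included first says "yes".
make_sample() {
  d=$(mktemp -d) && mkdir "$d/sshd_config.d"
  printf 'Include sshd_config.d/*.conf\nPermitRootLogin no\n' > "$d/sshd_config"
  printf 'PermitRootLogin yes\n' > "$d/sshd_config.d/10-image.conf"
  printf '%s\n' "$d/sshd_config"
}

sample=$(make_sample)
echo "grep on main file: $(grep '^PermitRootLogin' "$sample")"
echo "effective value:   $(effective_root_login "$sample")"
```

On a live host, `sudo sshd -T | grep -i permitrootlogin` prints the value sshd itself resolves, including anything this simplified walk skips (such as Match blocks).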
Conclusion
Root SSH login is now disabled. This is a major security improvement, especially when combined with SSH keys and a firewall.