Disable or Enable SSH Root Login and Secure SSH Access in CentOS 7

We all know that CentOS comes with root access disabled for the outside world by default. This means that you cannot log in directly as the root user via SSH, but you can still use root privileges through the ‘sudo’ command. However, sometimes it is more convenient to log in directly as the root user. That’s why, in this article, we will talk about how to enable, disable and secure SSH login to your server when logging in as root.

Before we start, a few requirements need to be met.

Requirements:

  • Installed CentOS;
  • Access via SSH to your VPS;
  • A regular user that can use ‘su’ or ‘sudo’ to gain root privileges;

Log in to your CentOS VPS via SSH as a regular user with sudo privileges:

ssh user_name@Server_IP_Address -p Port_Number

Disable SSH Root Login

In order to disable the root login, we need to modify the main ssh configuration file “sshd_config” with a text editor of your choice. In our example, we will use nano as an editor.

nano /etc/ssh/sshd_config

Now search for this line below in the file.

#PermitRootLogin no

Uncomment the line by removing the ‘#’ from the beginning of the line. The line in the file should look like this:

PermitRootLogin no

By executing the following command we will restart the SSH daemon service:

systemctl restart sshd.service

Now when you try to log in as the root user, you should get an “Access denied” error.

login as: root
root@Server_IP_Address password:
Access denied
root@Server_IP_Address password:

At this point, you are not able to log in directly as root, but you can still log in as a normal user with sudo privileges and use the ‘sudo’ or ‘su’ command to switch to the root user. For example:

login as: username
username@Server_IP_Address password:
Last login: Wed Sep 26 12:11:38 2018 from IP_address
[username@hostname ~]$ su -
Password:
Last login: Thu Sep 27 11:05:19 CDT 2018 from IP_address on pts/1
[root@hostname ~]#

Enable SSH Root Login

In order to enable logging in as root, we need to modify the main ssh configuration file “sshd_config” with a text editor of your choice. In our example, we will use nano as an editor.

nano /etc/ssh/sshd_config

Find the following line in the file.

PermitRootLogin no

Comment the line out by adding a ‘#’ at the beginning of the line, or change ‘no’ to ‘yes’ like in the examples shown below.

#PermitRootLogin no

or

PermitRootLogin yes

After we save the file we should restart the sshd service.

systemctl restart sshd.service

You can now try to log in directly as a root user.

login as: root
root@Server_IP_Address password:
Last login: Wed Sep 27 12:22:50 2018 from IP_address
[root@hostname ~]#

Secure SSH Access in CentOS 7

In this section, we will provide you with a few simple tips on how to secure the SSH access on your CentOS 7 server.

Changing the SSH Server Port

In order to change the standard listening port, you need to modify the SSH configuration file by using the command below:

nano /etc/ssh/sshd_config

Next, you need to find the line that refers to the port number. After you find the port number (the default value should be 22), you can change it to the number you prefer.

When you have finished editing, press Ctrl+O to save, and then press Ctrl+X to exit.

Restart the SSH daemon service by executing the command:

systemctl restart sshd.service

Disabling SSH Protocol 1

There are two versions of the SSH protocol: SSHv1 and SSHv2. Using the SSHv1 protocol is not recommended because it’s an older version and is less secure than the newer SSHv2 protocol. In this section, we will disable SSHv1. If you need this version for any reason, then you can ignore this part.

Open the SSH configuration file with this command:

nano /etc/ssh/sshd_config

Uncomment the line

Protocol 2,1

and edit it to:

Protocol 2

Now we should restart the SSH service in order for the new configuration to take effect. We can do that by executing this command:

systemctl restart sshd.service

Disabling root access is also one of the ways to secure your SSH server, which we showed you at the beginning of the article.
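
To confirm that the edits above actually took effect, the following added example (not part of the original tutorial) reads an sshd_config and reports the effective PermitRootLogin, Protocol and Port values. It relies on sshd using the first value it finds for each keyword; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example. sshd_config(5): keywords are case-insensitive and, for each
# keyword, the first value obtained is the one sshd uses.

# effective_option FILE KEYWORD FALLBACK
# Prints the first uncommented value of KEYWORD in the global section
# (everything before the first Match block), or FALLBACK if it is never set.
# Assumes whitespace-separated "Keyword value" lines.
effective_option() {
    awk -v key="$2" -v fallback="$3" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }          # blank line or comment
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { if (!found) print fallback }
    ' "$1"
}

# audit_sshd FILE: prints findings, returns 0 only if nothing is flagged.
audit_sshd() {
    rc=0
    root=$(effective_option "$1" PermitRootLogin unset)
    proto=$(effective_option "$1" Protocol unset)
    port=$(effective_option "$1" Port 22)
    if [ "$root" != "no" ]; then
        echo "FLAG PermitRootLogin is '$root', not 'no'"; rc=1
    fi
    case ",$proto," in
        *,1,*) echo "FLAG Protocol '$proto' still offers SSHv1"; rc=1 ;;
    esac
    echo "INFO sshd listens on port $port"
    return "$rc"
}

# Constructed sample: "PermitRootLogin no" was added further down, but the
# earlier "PermitRootLogin yes" is the value sshd obeys.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Port 2222
PermitRootLogin yes
#PermitRootLogin no
Protocol 2,1
PermitRootLogin no
Match User backup
    X11Forwarding no
EOF
audit_sshd "$SAMPLE" || echo "RESULT hardening incomplete"
```

Running `sshd -t` before `systemctl restart sshd.service` checks the file for syntax errors, so a typo does not leave the daemon unable to start. After changing Port on CentOS 7, the new port also has to be permitted by SELinux (`semanage port -a -t ssh_port_t -p tcp <port>`) and by firewalld before the restart.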

In this tutorial, we learned how to disable and enable the root login in SSH.
We also learned how to secure the SSH server by changing the port number, disabling root access and disabling the SSH protocol SSHv1.

