snuts
Posts: 4
Joined: Mon Feb 20, 2017 12:08 am

How do I disable ssh access for root?

Mon Feb 20, 2017 6:20 am

In a tutorial I found it is suggested the sshd config file can be edited with nano to change the status of 'PermitRootLogin' from 'yes' to 'no' using the command:

Code: Select all

nano /etc/ssh/sshd_config
Unfortunately what I see is this:
PermitRootLogin without-password
StrictModes yes
How should the configuration file be changed to disable ssh access for root?

Ernst
Posts: 1334
Joined: Sat Feb 04, 2017 9:39 am
Location: Germany

Re: How do I disable ssh access for root?

Mon Feb 20, 2017 9:44 am

Use "no" instead of "without-password" as stated on the first line of your post.
The road to insanity is paved with static ip addresses

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: How do I disable ssh access for root?

Mon Feb 20, 2017 11:38 am

Code: Select all

man sshd_config
will give you all the possible options in particular
PermitRootLogin
Specifies whether root can log in using ssh(1). The argument must be “yes”, “without-password”,
“forced-commands-only”, or “no”. The default is “yes”.

If this option is set to “without-password”, password authentication is disabled for root.

If this option is set to “forced-commands-only”, root login with public key authentication will be allowed, but
only if the command option has been specified (which may be useful for taking remote backups even if root login
is normally not allowed). All other authentication methods are disabled for root.

If this option is set to “no”, root is not allowed to log in.
So you could change that value to no in the same way. In most cases without-password will be just as secure as it only allows key based authentication.

knute
Posts: 567
Joined: Thu Oct 23, 2014 12:14 am
Location: Texas
Contact: Website

Re: How do I disable ssh access for root?

Mon Feb 20, 2017 5:12 pm

AllowUsers pi

in the sshd_config file prevents any user except pi from logging in.

Return to “Beginners”