How do I disable ssh access for root?

[snuts]

In a tutorial I found it is suggested the sshd config file can be edited with nano to change the status of 'PermitRootLogin' from 'yes' to 'no' using the command:

Code: Select all

nano /etc/ssh/sshd_config

Unfortunately what I see is this:

PermitRootLogin without-password
StrictModes yes

How should the configuration file be changed to disable ssh access for root?

[Ernst]

Use "no" instead of "without-password" as stated on the first line of your post.

[mfa298]

Code: Select all

man sshd_config

will give you all the possible options in particular

PermitRootLogin
Specifies whether root can log in using ssh(1). The argument must be “yes”, “without-password”,
“forced-commands-only”, or “no”. The default is “yes”.

If this option is set to “without-password”, password authentication is disabled for root.

If this option is set to “forced-commands-only”, root login with public key authentication will be allowed, but
only if the command option has been specified (which may be useful for taking remote backups even if root login
is normally not allowed). All other authentication methods are disabled for root.

If this option is set to “no”, root is not allowed to log in.

So you could change that value to no in the same way. In most cases without-password will be just as secure as it only allows key based authentication.

[knute]

AllowUsers pi

in the sshd_config file prevents any user except pi from logging in.