Disable SSH Root Login on Ubuntu Linux

Securing your Ubuntu Linux server is critical to preventing unauthorized access, and one of the most effective first steps is disabling direct SSH root logins. This article provides a quick, step-by-step guide on how to locate the SSH configuration file, modify the specific parameter required to block root access, and safely restart the SSH service to apply the changes.

The parameter used to disable direct root login via SSH on an Ubuntu Linux server is PermitRootLogin.

To disable root login, follow these steps:

1. Open the SSH Configuration File

Access your server via SSH using a non-root user with sudo privileges and open the SSH daemon configuration file with a text editor:

sudo nano /etc/ssh/sshd_config

2. Modify the Parameter

Scroll through the file to find the line containing PermitRootLogin.

• If the line is commented out with a # symbol (e.g., #PermitRootLogin prohibit-password), remove the #.
• Change the value of the parameter to no:

PermitRootLogin no

3. Save and Close the File

If you are using nano, press Ctrl + O to write the changes, press Enter to confirm, and then press Ctrl + X to exit the editor.

4. Test the SSH Configuration

Before restarting the SSH service, verify that there are no syntax errors in your configuration file:

sudo sshd -t

If this command returns no output, your configuration is valid.

5. Restart the SSH Service

Apply the changes by restarting the SSH daemon:

sudo systemctl restart ssh

Once restarted, direct SSH attempts to the root user account will be rejected, forcing users to log in as a standard user first and elevate their privileges using sudo.