Disable direct root login via SSH

Please follow the given steps to disable direct root login access to the server via shell prompt.

STEP 1: Create a user and add it to the wheel group

SSH into your server as root and follow the below commands to create a user.

$ groupadd new
$ useradd new -gnew
$ passwd new

You can create any user instead of “new”.

STEP 2: Add user to wheel group

You can add the user at the end of the ‘group’ file.

$ grep wheel /etc/group
wheel:x:10:root

Add the user ‘new':

wheel:x:10:root,new

For CPanel Servers, do the following.

1. Log into your WHM and click on “Manage Wheel Group Users”.

2. Select the user (Here it is “new”) and click ‘Add to group’.

3. Before disable the root access, check if the user can login and su – to gain root privileges.

SSH into your server as ‘new’

Login as: new
Password : enteryouruserpasswordhere
su –
password: enter root password here

STEP 3: Disable Direct Root Login

1. Copy and paste this line to edit the file for SSH logins

$ vi /etc/ssh/sshd_config

2. Find the line

Protocol 2, 1 

3. Uncomment it (Remove #) and change it to look like

Protocol 2

4. Next, find the line

PermitRootLogin yes 

5. Uncomment it (Remove #) and make it look like PermitRootLogin no

6. Save the file.

Now, no one will be able to login to root with out first logging in as ‘new’ and ‘su -‘ to root.