HomeLinuxDisable direct root login via SSH

Disable direct root login via SSH

Please follow the given steps to disable direct ssh to the server via the shell prompt.

STEP 1: Create a user and add it to the wheel group

SSH into your server as root and follow the below commands to create a user.

$ groupadd new
$ useradd new -gnew
$ passwd new

You can create any user instead of “new”.

STEP 2: Add the user to the wheel group

You can add the user at the end of the ‘group’ file.

$ grep wheel /etc/group
wheel:x:10:root

Add the user ‘new’:

wheel:x:10:root,new

For CPanel Servers, do the following.

1. Log into your WHM and click on “Manage Wheel Group Users”.

2. Select the user (Here it is “new”) and click ‘Add to group’.

3. Before disabling the root access, check if the user can log in and su – to gain root privileges.

SSH into your server as ‘new’

Login as: new
Password : enteryouruserpasswordhere
su –
password: enter root password here

STEP 3: Disable Direct Root Login

1. Copy and paste this line to edit the file for SSH logins

$ vi /etc/ssh/sshd_config

2. Find the line

Protocol 2, 1 

3. Uncomment it (Remove #) and change it to look like

Protocol 2

4. Next, find the line

PermitRootLogin yes 

5. Uncomment it (Remove #) and make it look like PermitRootLogin no

6. Save the file.

Now, no one will be able to log in to root without first logging in as ‘new’ and ‘su -‘ to root.

Scroll to Top