Disable or Enable SSH Root Login and Limit SSH Access in Linux
Disable SSH Root Login
To disable root login, open the main ssh configuration file /etc/ssh/sshd_config with your choice of editor.
# vi /etc/ssh/sshd_config
Search for the following line in the file.
#PermitRootLogin no
Remove the ‘#‘ from the beginning of the line. Make the line look like similar to this.
PermitRootLogin no
Next, we need to restart the SSH daemon service.
# /etc/init.d/sshd restart
Now try to login with root user, you will get “Access Denied” error.
So, from now onwards login as normal user and then use ‘su’ command to switch to root user.
Enable SSH Root Login
To enable ssh root logging, open the file /etc/ssh/sshd_config.
# vi /etc/ssh/sshd_config
Search for the following line and put the ‘#‘ at the beginning and save the file.
# PermitRootLogin no
Restart the sshd service.
# /etc/init.d/sshd restart
Now try to login with root user.
Limit SSH User Logins
If you have large number of user accounts on the systems, then it makes sense that we limit remote access to those users who really need it. Open the /etc/ssh/sshd_config file.
# vi /etc/ssh/sshd_config
Add an AllowUsers line at the bottom of the file with a space separated by list of usernames. For example, user test1 and test2 both have access to remote ssh.
AllowUsers test1 test2
Now restart ssh service