Disallow Root Logins

Disallowing root logins is a good security practice to help protect your CentOS system from unauthorized access. You can disable direct root logins by following these steps:

  1. Log In: Open a terminal and log in to your CentOS system with a user account that has superuser privileges. If you’ve just created a new user, you can use that account.
  2. Edit SSH Configuration: CentOS typically uses OpenSSH as the SSH server. To disallow root logins, you need to edit the SSH configuration file. Open the SSH configuration file /etc/ssh/sshd_config with a text editor. You can use a command-line text editor like nano or vim:
   sudo nano /etc/ssh/sshd_config

If you are using nano, navigate to the line that reads PermitRootLogin and modify it.

If you are using vim, press “i” to enter insert mode and modify the line.

  3. Modify PermitRootLogin: Find the line that says PermitRootLogin and change its value to no. It should look like this:
   PermitRootLogin no

This configuration change will prevent the root user from logging in directly through SSH.

  4. Save and Exit: If you are using nano, press Ctrl + O to save the file, then press Enter, and finally press Ctrl + X to exit. If you are using vim, press Esc, then type :wq and press Enter to save and exit.
  5. Restart SSH Service: After modifying the SSH configuration, you need to restart the SSH service for the changes to take effect. Use the following command:
   sudo systemctl restart sshd
  6. Test the Configuration: To ensure that root logins are disabled, open a new terminal and attempt to log in as the root user via SSH. You should receive a message like “Permission denied.” To log in, you will need to use a regular user account and then use sudo or su to gain superuser privileges.
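
As a complement to the Test the Configuration step, the added script below (an example written for this page, not part of the original article) reads a config file and reports the global PermitRootLogin value, applying sshd's rule that the first value read for a keyword wins. The function names and the sample file contents are assumptions made for the example, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original article). File contents are constructed.

# effective_permit_root_login FILE
# Print the PermitRootLogin value sshd would take from FILE's global section.
# sshd keeps the FIRST value it reads for a keyword, so an earlier
# "PermitRootLogin yes" beats a "PermitRootLogin no" appended further down.
# Include directives are not followed here; on a live host use:
#   sudo sshd -t                                 # syntax check before restart
#   sudo sshd -T | grep -i '^permitrootlogin'    # fully resolved value
effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }                  # drop leading indentation
        /^#/ || /^$/ { next }                   # skip comments, blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# root_login_disabled FILE: succeed only if the effective value is "no".
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample: the edit was appended below an existing "yes" line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

if root_login_disabled "$sample"; then
    echo "root login disabled"
else
    echo "root login still allowed: $(effective_permit_root_login "$sample")"
fi
rm -f "$sample"
```

Running `sudo sshd -t` before the restart also catches syntax errors that would otherwise stop the service from starting and lock out remote access.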

By disabling direct root logins, you enhance the security of your CentOS system because attackers will need to know both a valid username and its associated password to log in via SSH. This is an additional layer of security compared to allowing root logins, which can be more vulnerable to brute-force attacks.
