1. Home
  2. Linux

How To Enable Root SSH Login On Linux

SSH is great, as it gives Linux users easy console access to any computer over a network. One way to improve your SSH experience on Linux is to enable Root SSH login. With this setting, it’s easy to quickly log directly into the Root account to accomplish system-level tasks.

Root isn’t enabled in SSH by default, for security reasons. However, if you manage a lot of systems and need constant root access for executing scripts, automation and etc, turning on this feature is a must.

To be clear, turning on Root login over SSH is dangerous. Please don’t do this if you are new to SSH!

Root Password

The first step to enabling Root login over SSH is to enable the Root account. For many Linux distributions (Ubuntu and others like it), Root isn’t active, for security. Instead, users do everything via sudo privileges. For the most part, not using the Root account is fine, and sudo can do the job. However, with SSH, users need to know the Root password.

First, log into your remote server/PC you wish to enable Root over SSH on remotely:

ssh user@remote-ip-addres

If you set up your Linux distribution and didn’t configure a Root user, you’ll need to follow the steps below to setup Root. Please understand that this process won’t work without a user that has the ability to use sudo. To start off, open up a terminal. In the terminal, run:

sudo -s

Using sudo with -s will give the user a Root shell, much like logging in with su does. From here, it’s possible to invoke the “new password” command for the Root user.

passwd

Running passwd will prompt the user to specify a “new UNIX password”. Write in the new password for the Root account on your PC. For security purposes, please do not use the same password for Root as your normal user account. Be sure to generate a secure but memorable password for the account.

After setting the password, log out of the Root shell with exit.

exit

Lastly, confirm the new Root password works by logging into it via su.

su -

Enable Root Login

Now that we know it’s possible to log in as a Root user, it’s time to enable the Root login setting in the SSHD config file. Once again, start off by opening up a terminal and connecting over SSH as a normal user.

Note: Don’t want to modify your SSH server remotely? Modify it locally instead of in the terminal.

ssh user@remote-ip-address

We’re connected (remotely) over SSH to the SSH server. Next, elevate the normal connection to Root access by logging in via su.

su –

Next, using the Nano text editor, open up the SSH server configuration file.

nano /etc/ssh/sshd_config

Look through the configuration file, find “PermitRootLogin”. It may have “no” in front of it. If this is the case, change the “no” to “yes”.

In other instances of SSH, “PermitRootLogin” may say “prohibit-password”. Delete “prohibit-password”, and change it to “yes”.

After changing the Root settings for the SSH server, you’ll need to save the configuration changes. Configuration changes save in Nano by pressing the Ctrl + O keyboard combination. Close the Nano editor with Ctrl + X when the configuration saves correctly.

Applying Root Setting

Now that Root login is enabled in the settings, you’ll need to restart the SSH daemon to apply the changes. On most Linux PC’s this can easily be accomplished with systemd. In a terminal, gain root access with su or sudo:

su -

or

sudo -s

After gaining root, use systemd to restart the SSH daemon.

systemctl restart sshd

Don’t use systemd? Try this command instead:

service ssh restart

If neither command works to restart the SSH daemon, a foolproof way is to just restart the server running SSH:

reboot

After rebooting, the changes should be applied. To log in as root, open up a terminal and try the following:

root@ssh-server-ip

Disable Root Login

Don’t want Root login via SSH anymore? Luckily, the feature is as easy to turn off as it is to turn on. The first way is to just lock the Root account. Doing it this way allows the setting to be turned on and off on the fly via unlocking the Root account. To lock Root, gain a superuser shell via sudo and run:

passwd --lock root

This command scrambles the root account and effectively disables it. To get it back for use with Root over SSH, follow the instructions at the top of the article.

Alternatively, to fully disable Root login, open up a terminal (with Root):

su -

or

sudo -s

In the SSH config file, find “PermitRootLogin” and change it from “yes” to “no”.

nano /etc/ssh/sshd_config

Press Ctrl + O to save, exit with Ctrl + X and then reboot. Upon reset, Root login will not work.

Leave a comment