Introduction
All Linux-based machines come with a default root user that has all privileges on the system; by default, you always act as the root user (superuser). Security best practices recommend that you disable root login over SSH to prevent unauthorized access to your Linux-based machine. Disabling root login blocks root access over SSH to your Linux machine, which means that no one can use that login to gain unlimited privileges. Following recommended security practices, you should create an additional user with almost all the superuser privileges and log in as that user instead.
In this tutorial, you will disable root login in Ubuntu to prevent unauthorized root access via SSH and improve the security of your Linux-based system.
Prerequisites
To complete this tutorial, you will need the following:
- An Ubuntu 20.04 server with a non-root user with sudo privileges, a firewall, and at least 1GB of RAM, which you can set up by following our initial Ubuntu 20.04 server setup guide.
Step 1 — Log in and check auth.log
In this step, you will log in to the server as your non-root user with sudo privileges and check for authentication attempts. The authentication log shows both authorized and unauthorized login attempts.
During the prerequisite steps, you created a new user and added that user to the sudo group to grant it administrative privileges. You will use this sudo user to access your system, as you will not be able to log in as the root user after disabling root login.
Depending on your chosen login method, use SSH to log in to the server. If you used an SSH key to log in to the root account during the initial server setup, you should use the key-based mechanism, as password authentication is disabled when using key-based login. Otherwise, use password-based login with the sudo user password.
ssh sammy@your_server_ip
If you are using the key-based login method, use the following command to log in to the server as the sudo user:
ssh -i your_private_key sammy@your_server_ip
The -i flag points to the identity file from which your private key is read for authentication.
Then, check the auth.log file using the following command:
cd /var/log/
sudo cat auth.log
Enter your password if prompted.
You will get output similar to this:
Output
May 29 18:46:32 ubuntu sshd[3886]: Disconnected from invalid user cally 43.155.90.144 port 47454 [preauth]
May 29 18:51:56 ubuntu sshd[3890]: Received disconnect from 195.38.129.16 port 10017:11: Bye Bye [preauth]
May 29 18:51:56 ubuntu sshd[3890]: Disconnected from authenticating user root 195.38.129.16 port 10017 [preauth]
May 29 18:52:24 ubuntu sshd[3892]: Received disconnect from 178.128.234.248 port 58660:11: Bye Bye [preauth]
May 29 18:52:24 ubuntu sshd[3892]: Disconnected from authenticating user root 178.128.234.248 port 58660 [preauth]
May 29 18:52:34 ubuntu sshd[3894]: Received disconnect from 43.134.106.128 port 33854:11: Bye Bye [preauth]
May 29 18:52:34 ubuntu sshd[3894]: Disconnected from authenticating user root 43.134.106.128 port 33854 [preauth]
May 29 18:53:07 ubuntu sshd[3896]: Invalid user projects from 176.183.60.72 port 42070
May 29 18:53:07 ubuntu sshd[3896]: Received disconnect from 176.183.60.72 port 42070:11: Bye Bye [preauth]
May 29 18:53:07 ubuntu sshd[3896]: Disconnected from invalid user projects 176.183.60.72 port 42070 [preauth]
May 29 18:57:27 ubuntu sshd[3900]: Received disconnect from 92.255.85.135 port 20436:11: Bye Bye [preauth]
May 29 18:57:27 ubuntu sshd[3900]: Disconnected from authenticating user root 92.255.85.135 port 20436 [preauth]
May 29 19:06:40 ubuntu sshd[3903]: Invalid user default from 27.71.207.190 port 57513
May 29 19:06:41 ubuntu sshd[3903]: Connection closed by invalid user default 27.71.207.190 port 57513 [preauth]
...
After logging in and checking your authentication log, you may see a lot of unauthorized requests that your server is receiving. This could indicate that you should disable root login and change your keys and passwords regularly.
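The review described in this step can be done as a tally instead of by reading raw lines. The following is an added example, not part of the original tutorial: it groups pre-authentication disconnects by account and source address and totals those aimed at root. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the auth.log format shown above
# (addresses come from documentation ranges, not real hosts).
sample_log() {
cat <<'EOF'
May 29 18:51:56 ubuntu sshd[3890]: Disconnected from authenticating user root 203.0.113.16 port 10017 [preauth]
May 29 18:52:24 ubuntu sshd[3892]: Disconnected from authenticating user root 203.0.113.16 port 58660 [preauth]
May 29 18:52:34 ubuntu sshd[3894]: Disconnected from authenticating user root 198.51.100.7 port 33854 [preauth]
May 29 18:53:07 ubuntu sshd[3896]: Invalid user projects from 192.0.2.72 port 42070
May 29 18:53:07 ubuntu sshd[3896]: Disconnected from invalid user projects 192.0.2.72 port 42070 [preauth]
May 29 19:06:41 ubuntu sshd[3903]: Connection closed by invalid user default 192.0.2.190 port 57513 [preauth]
EOF
}

# Read auth.log lines on stdin; print "count<TAB>kind<TAB>user<TAB>ip",
# busiest first. kind is "invalid" (no such account) or "authenticating".
preauth_summary() {
    awk '
    /sshd\[[0-9]+\]: (Disconnected from|Connection closed by) (invalid|authenticating) user / {
        u = 0; p = 0
        for (i = 6; i <= NF; i++) {
            if ($i == "user" && !u) u = i    # first "user" after the sshd tag
            if ($i == "port") p = i          # last "port" on the line
        }
        if (!u || p < u + 2) next            # not the shape we expect
        # The user name is supplied by the client and may contain spaces,
        # so take everything between "user" and the address before "port".
        name = ""
        for (i = u + 1; i <= p - 2; i++) name = name (name == "" ? "" : " ") $i
        seen[$(u - 1) "\t" name "\t" $(p - 1)]++
    }
    END { for (k in seen) printf "%d\t%s\n", seen[k], k }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2
}

# Total pre-auth disconnects that targeted the root account.
root_attempts() {
    preauth_summary | awk -F '\t' '$3 == "root" { s += $1 } END { print s + 0 }'
}

sample_log | preauth_summary
```

On the server, feed the real log to the same functions, for example: sudo cat /var/log/auth.log | preauth_summary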
Step 2 — Disable root login
In this step, you will open the sshd_config file to disable root login and then restart the sshd service to read the configuration after the modifications.
The sshd_config file stores the configuration parameters used by the sshd service. The sshd service is responsible for managing SSH connections. You must restart the sshd service to apply the configuration changes.
sudo nano /etc/ssh/sshd_config
Browse the file and look for the PermitRootLogin line:
Output
...
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
...
Then, change the value of PermitRootLogin from yes to no:
Output
...
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
...
Save and close the file, then restart the sshd service to apply the configuration changes:
sudo systemctl restart sshd
Step 3 — Root Login Test
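Before the login test, it is worth confirming which PermitRootLogin value sshd will actually use: sshd keeps the first value it obtains for a keyword, so an uncommented PermitRootLogin read earlier (for example from a file pulled in by an Include line) takes precedence over the line edited in Step 2. The following is an added example, not part of the original tutorial; the function name and the sample configuration text are constructed, and it only looks at the global section before any Match block.

```shell
#!/bin/sh
# Print the global PermitRootLogin value for sshd configuration text on stdin,
# fed in the order sshd reads it. sshd keeps the first value it obtains for a
# keyword, so a later "PermitRootLogin no" does not override an earlier "yes".
effective_permit_root_login() {
    awk '
    { sub(/^[ \t]+/, "") }                        # strip leading whitespace
    /^#/ || /^$/ { next }                         # commented-out or blank line
    tolower($1) == "match" { exit }               # simplification: global section only
    tolower($1) == "permitrootlogin" { v = $2; exit }
    END { print (v == "" ? "prohibit-password" : v) }   # OpenSSH default when unset
    '
}

# Constructed inputs (not taken from a real server).
main_edited='#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes'

# Hypothetical content of a file pulled in by an Include line near the top.
included_first='PermitRootLogin yes'

only_commented='#PermitRootLogin yes'

check() { printf '%s\n' "$1" | effective_permit_root_login; }

check "$main_edited"                       # no
check "$included_first
$main_edited"                              # yes: the included value was read first
check "$only_commented"                    # prohibit-password
```

On the server itself, sudo sshd -t checks the edited file for syntax errors before you restart the service, and sudo sshd -T | grep -i permitrootlogin prints the value sshd resolved.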
After disabling root login, try logging in as the root user using SSH. To log in using your password or SSH key, use the following command:
ssh root@your_server_ip
Logging in as root will result in an error message like this:
root@your_server_ip: Permission denied (publickey).
To regain access to the server, use the credentials of a non-root user with sudo privileges to log in:
ssh sammy@your_server_ip
Conclusion
In this article, you have configured sshd to disable root login in Ubuntu. Now you know how to disable root login on your Linux-based machines and thus provide more security to your systems.









