In this tutorial, we will show you how to disable root SSH access on CentOS 7. By default when you install CentOS 7 and SSH server, the root account automatically has remote access via SSH. This can be dangerous. If the root account password falls into the wrong hands, your server is at the mercy of the bad guys with the password. They can delete every file and folder on the server and take down the entire system with a few commands. That’s why limiting the root account from directly accessing the server is recommended.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo
‘ to the commands to get root privileges. I will show you the step-by-step disable root SSH access on a CentOS 7 server.
Note: Before you disable SSH logins for the root account, you must create a normal user account. (Otherwise, you will be unable to access your server when you disable the root account for SSH logins.)
Prerequisites
- A server running one of the following operating systems: CentOS 7 or RHEL-based.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo user
or access to theroot user
. We recommend acting as anon-root sudo user
, however, as you can harm your system if you’re not careful when acting as the root.
Disable Root SSH Access on CentOS 7
Step 1. First, let’s start by ensuring your system is up-to-date.
sudo yum clean all sudo yum -y update
Step 2. Disable Root SSH Access.
To disable that, open the SSH configuration file using the commands below:
nano /etc/ssh/sshd_config
Locate the following line in the configuration file:
PermitRootLogin yes
Change the “yes” to “no” to disable root SSH access:
PermitRootLogin no
Save the file and restart the SSH server by running the commands below:
sudo systemctl restart sshd
Once you have completed these steps, you will no longer be able to log in to your CentOS 7 server as the root user via SSH. Instead, you will need to use a non-root user account with sudo privileges to log in and perform administrative tasks. This reduces the risk of someone gaining unauthorized access to your server through the root account.
It’s important to note that if you are using a cloud-based server, such as one provided by AWS or Google Cloud Platform, you may need to modify your security group settings to allow SSH access for your non-root user account.
Congratulations! You have successfully disabled root SSH access. Thanks for using this tutorial to disable root SSH access on CentOS 7 system. For additional help or useful information, we recommend you check the official SSH website.