By default, all Linux systems include a root user who has complete control over the system. This means that if an attacker acquires root access, they will be able to completely control, alter, or destroy your server. Allowing root login over SSH raises the risk of brute-force attacks, in which hackers attempt to guess your root password and get access.

To improve security, disable root login and establish a non-root user with administrative access. In this post, we’ll walk you through the steps to deactivate root login via SSH on Ubuntu, preventing unauthorized users from accessing your server as root.

Step 1: Logging In and Checking Authentication Logs

Before making any changes to the SSH setup, you must connect to your server as a non-root user with sudo capabilities. You will also check the authentication logs for any unauthorized login attempts.

Accessing Your Server as a Non-Root User

To log in with a password, run the following line in your terminal:

ssh sammy@your_server_ip

To perform key-based authentication, use:

ssh -i your_private_key sammy@your_server_ip

Note: Replace sammy with the username of your sudo-enabled user and your_server_ip with the IP address of the Ubuntu server.

You should create a sudo-enabled account before removing the root login. Without a sudo user, you may lose administrative control over your server.

Checking Authentication Logs for Unauthorized Access

Once logged in, go to the authentication logs directory.

cd /var/log/

To view the authentication log, run the following command:

sudo cat auth.log

This log includes all login attempts to your server, both successful and failed. If you notice several failed login attempts, it indicates that someone is attempting to break into your server.

Disabling root login significantly lowers the risk of brute-force attacks and unauthorized access.

Step 2: Disable Root Login Ubuntu Over SSH

To disable root login, edit the SSH configuration file and restart the SSH service.

Editing the SSH Configuration File

Open the SSH daemon configuration file with a text editor, such as nano.

sudo nano /etc/ssh/sshd_config

Search for the following line in the file:

PermitRootLogin yes

Change it to:

PermitRootLogin no

This setting informs the SSH daemon to refuse all SSH login attempts from the root user.

Tip: If the line does not already exist in your configuration file, add it at the end.

After making the changes, save the file by pressing CTRL + X, Y, and Enter.

Restarting the SSH Service

To apply the modifications, restart the SSH service by running the following command:

sudo systemctl restart sshd

Restarting the SSH service ensures that any configuration changes take effect immediately.

Step 3: Testing If Root Login Is Disabled

Now that we’ve changed the SSH setup, we’ll see if the root login is disabled.

Attempting to Log In as Root

Open a new terminal window and attempt to log in as the root user.

In the case of password-based authentication:

ssh root@your_server_ip

For authentication based on keys:

ssh -i your_private_key root@your_server_ip

If the changes were successfully implemented, you should get the following error message:

Permission denied; please try again.

This confirms that SSH no longer supports root logins.

Logging In with a Sudo User

Because root login is disabled, you should now visit the server as a non-root user.

In the case of password-based authentication:

ssh sammy@your_server_ip

For authentication based on keys:

ssh -i your_private_key sammy@your_server_ip

Once logged in, you can use sudo to conduct administrative activities. For example, to upgrade your system, run:

sudo apt update && sudo apt upgrade -y

Using a sudo-enabled user allows you to maintain complete control over your system while keeping it secure.

Additional Security Tips

In addition to blocking root login, you should adopt the following security measures:

1. Use SSH Key Authentication: To improve security, use SSH keys rather than passwords.
2. Change the SSH Port: Change the SSH port (22) by default to reduce your risk of brute-force attacks.

Enable a Firewall: Use the Uncomplicated Firewall (UFW) to prevent unwanted access:
sudo ufw allow OpenSSH

sudo ufw enable

3. Use Fail2Ban: To automatically block IP addresses with a history of unsuccessful login attempts, install Fail2Ban.

Regularly Update Your System: Update your server regularly to fix security flaws.
sudo apt update && sudo apt upgrade -y

Conclusion

We discussed how to disable root login ubuntu in this article. Ubuntu to make your Linux-based computer more secure. We effectively prevented direct root access by changing the SSH configuration file and restarting the SSH service, which lowered the possibility of unwanted access.

Your server is now more secure with root login disabled, and you may still use a sudo-enabled non-root user to carry out administrative activities.

You can further strengthen your server’s defenses by following best security practices, which include using SSH keys, changing the default SSH port, and turning on a firewall.

The post How to Disable Root Login in Ubuntu for Enhanced Server Security? appeared first on Tricky Enough.