Operations 5 min read
How to Secure Linux: Create a Sudo User and Disable Root SSH Login
This guide explains why disabling root SSH access is essential, then walks through creating a privileged user, assigning sudo rights, editing the sshd_config file to reject root logins, restarting the service, and verifying that root login is effectively blocked.
Raymond Ops
Raymond Ops
Background
For security reasons, root login via SSH should be prohibited.
After disabling root SSH login, a privileged user is needed for remote access.
Create a user with sudo privileges
Create a normal user "rain"
useradd command creates a user; -m creates a home directory, -c adds a comment.
useradd -m -c "Normal User" rainSet a password for the user
Password should be at least 8 characters, include upper‑ and lower‑case letters, numbers, special symbols, and must not contain the username.
passwd rainAdd the user to the admin group
usermod modifies user settings; -aG appends the user to a group. On CentOS/RHEL the wheel group has sudo rights, while on Debian/Ubuntu the sudo group does.
usermod -aG wheel rainDisable root SSH login
Switch to the privileged user
su rainEdit the sshd_config file
Even though root can edit the file, using the sudo‑enabled user ensures the changes are made with proper privileges.
sudo vi /etc/ssh/sshd_configSet PermitRootLogin to no .
PermitRootLogin noRestart the SSH service
After saving the file, restart the service to apply changes. Older systems may use sudo service sshd restart .
sudo systemctl restart sshdTest root login
The login attempt fails with the same response as an incorrect password, confirming that root SSH access is disabled.
Written by
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
0 followers
Reader feedback
How this landed with the community
Rate this article
Was this worth your time?
Discussion
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.