Secure Linux: Disable Root SSH Login and Set Up a Sudo User

Background

For security reasons, root login via SSH should be disabled.

After disabling root SSH login, a privileged user is needed for remote access.

Create a User with Sudo Privileges

Create a regular user "rain"

useradd command creates a user; -m creates a home directory, -c adds a comment.

useradd -m -c "Normal User" rain

Set a password for the user "rain"

Note: Password should be at least 8 characters, include upper and lower case letters, numbers, special symbols, and must not contain the username.

passwd rain

Add the user "rain" to the administrative group

usermod modifies user settings; -G specifies groups to add, and omitting -a removes the user from groups not listed.

In CentOS/RHEL the wheel group has sudo rights; in Debian/Ubuntu the sudo group does.

usermod -aG wheel rain

Disable Root SSH Login

Switch to the privileged user "rain"

After creating a user with administrative rights, switch to it to prevent root SSH login.

su rain

Edit the sshd_config file

Although the file can be edited directly with root, using the privileged account (rain) ensures the account already has sudo rights.

sudo vi /etc/ssh/sshd_config

Set the PermitRootLogin parameter to no .

PermitRootLogin no

Restart the sshd service

After saving the file, restart the sshd service to apply changes.

On older Linux versions the command may be sudo service sshd restart .

sudo systemctl restart sshd

Test the root SSH login

The login attempt should fail with the same result as an incorrect password.