Allowing root login over SSH is commonly considered a poor security practice throughout the tech industry. Instead, you could perform sensitive administrative tasks by connecting with a user account and executing commands using sudo
.
Disable root access
View the contents of the SSH configuration file using the following command.
cat /etc/ssh/sshd_config
In this file you will find the following line:
#PermitRootLogin no
Un-comment the line using your desired editor. Then restart the SSH service for the changes to take effect.
/etc/init.d/ssh restart
Please note that login to the root account will still be possible via the AKLWEB HOST console.
Restrict root access by IP address
As previously mentioned, a good security practice is to not allow root access via SSH at all. However if root access is absolutely necessary, you can restrict it by IP address.
To restrict root access to a specific IP address add the following line to the sshd_config
file (substitute xxx.xxx.xxx.xxx for the IP address).
AllowUsers root@xxx.xxx.xxx.xxx
Restart the SSH service for the changes to take effect.
/etc/init.d/ssh restart