We all know that CentOS comes with root access disabled for the outside world by default. This means that you can not directly log in as a root user via SSH, but you can still go ahead and utilize root privileges by using the ‘sudo’ command instead. However, sometimes it is more convenient to log in direct as the root user. That’s why in this article, we will talk about how to enable, disable and secure the SSH login to your server when attempting to log in as root.
Before we start, we will need several requirements to be fulfilled before continuing this tutorial.
Requirements:
To configure your router to allow incoming SSH connections, you will need to consult the manufacturer’s instructions regarding port forwarding on your particular router model. Firewall is blocking SSH port Another thing to check is your operating system’s firewall. Connection Forwarding. One common use of SSH is forwarding connections, either allowing a local connection to tunnel through the remote host, or allowing the remote machine access to tunnel through the local machine. SSH can also do dynamic forwarding using protocols like SOCKS5 which include the forwarding information for the remote host.
- Installed CentOS;
- Access via SSH to your VPS;
- A regular user that can use ‘su’ or ‘sudo’ to gain root privileges;
Login to your CentOS VPS via SSH as a regular user with sudo privileges:
Disable SSH Root Login
In order to disable the root login, we need to modify the main ssh configuration file “sshd_config” with a text editor of your choice. In our example, we will use nano as an editor.
Now search for this line below in the file.
Uncomment the line by removing the ‘#’ from the beginning of the line. The line in the file should look like this:
How To Allow Ssh Connection
By executing the following command we will restart the SSH daemon service:
Now when we try to log in as the root user, you should get an “Access Denied” error.
At this point, you are not able to log in directly as root, but you can still log in as a normal user with sudo privileges and use ‘sudo’ or ‘su’ command to switch to the root user. For example:
Enable SSH Root Login
In order to enable logging in as root, we need to modify the main ssh configuration file “sshd_config” with a text editor of your choice. In our example, we will use nano as an editor.
Find the following line in the file.
Allow Ssh Connection
Comment the line out by adding a ‘#’ at the beginning of the line, or change ‘no’ to ‘yes’ like in the examples shown below.
or
After we save the file we should restart the sshd service.
You can now try to log in directly as a root user.
Secure SSH Access in CentOS 7
In this section, we will provide you with a few simple tips on how to secure the SSH access on your CentOS 7 server.
Changing the SSH Server Port
In order to change the Standard listening Port, you need to modify the SSH configuration file by using the command below:
Next, you need to find the line that refers to the port number. After you find the port number which (the default value should be 22), you can edit the default one to the number you prefer.
When you are finished with editing, press Ctrl+O, and then press Ctrl+X in order to save and exit.
Restart the SSH daemon service by executing the command:
Disabling SSH Protocol 1
There are two versions of SSH protocols: SSHv1, and SSHv2. Using the SSHv1 protocol is not recommended because it’s an older version and is less secure than the newer SSHv2 protocol. In the next section, we will disable SSHv1. If you need this version for any reason, then you can ignore this part.
Open the SSH configuration file with this command:
Uncomment the line
and edit it to:
Now we should restart the SSH service in order for the new configuration to take effect. We can do that by executing this command:
Disabling root access is also one of the ways to secure your SSH server, which we showed you at the beginning of the article.
In this tutorial, we learned how to disable and enable the root login in SSH.
We also learned how to secure the SSH server by changing the port number, disabling root access and disabling the SSH protocol SSHv1.
If you are one of our managed VPS hosting clients, you can simply ask our system administrators to Enable or Disable root login through SSH on your CentOS server. They are available 24/7 and will take care of your request immediately.
If you find this blog post useful, please share it with your friends via social media networks, or if you have any questions please leave a comment below and we will reply to it. Thanks!