You are currently viewing How to disable root User Login on centos

How to disable root User Login on centos

The root user has superuser privileges in a VPS (virtual private Server) setup. This allows them unrestricted access to the system; meaning they can do anything on the system. For security reasons, it’s however advised to disable root user from direct user server access. Instead, using a regular user and giving them superuser privileges is recommended. This article focuses on how to disable root user login.

disable root User Login

To achieve this, see below a highlight and an explanation of the steps involved.

  1. Connect to the VPS
  2. Create new user
  3. Grant the new user sudo privileges
  4. Check if the new user is able to execute the root tasks
  5. Disable the root user
  6. Final Test.

How to connect to VPS on SSH

  • Access the VPs on SSH. Use your preferred SSH client. If on the terminal, use the following command.
ssh root@Vps-IP #assumed that the ssh port is 22
ssh root@Vps-IP -p ssh-port    #Use this when a different port is set

How to create a new user

Once logged into the VPs, create a new user who will serve as the root user. Execute the following command to create a user

adduser newuser  #where newuser is the name of the new user. Follow the promts as needed and share the required information

Since the user created does not have administrative privileges, run the following command to give the user sudo access.

usermod -aG sudo newuser    ##Debian/Ubuntu
usermod -aG wheel admin    #CentOS/RHEL

In case the above command throws an error, this means that the sudo group does not exist. In some distributions, the group used to grant sudo privileges may vary or have a different name. To further determine the group used for granting sudo privileges run the following command:

sudo visudo

once the above file opens, locate the line that begins with ‘%sudo’ or ‘%admin’ or any other name, but starts with the percentage sign, usually below the comment:”##Allows people in group wheel to run all commands” and run the usermod -aG sudo newuser command and replace the name sudo with the name identified in the above check.

How to change a user password on SSH

If you were not asked for a password when creating the new user, proceed and set up a password. Run the command below.

password newuser #where newuser is the username of the user you just created. Enter  the new password and confirm.

Test the new user

Switch to the new user created and test if this user can execute the root commands. To switch to the new user, run the following command.

su - newuser   #switch to the new account; enter the password on prompt.

Once switched to the new user, check if you are able to run the administrative sudo commands by running the following. 

sudo ls -la /root     #This will check if the new user is able to list, or read the content in the root folder.

If the above works as needed, proceed to disable the root login. While still logged in, edit the ssh configuration file. Open the file with your preferred text editor.

sudo nano /etc/ssh/sshd_config

Locate the line with the root access settings, that reads: “PermitRootLogin yes” and replace this directive with “PermitRootLogin no”. If the directive does not exist, add it. Save the file and exit. Proceed to restart the ssh service by running the command:

systemctl restart sshd     #in centos
OR
service sshd restart #in centos
sudo service ssh restart  #in ubuntu

Testing the configurations

The final step is to test the configurations. This ensures that the setup works as expected before we log out. Open a new tab on the terminal or a new session on your preferred ssh client. Try accessing the VPS using the root user. We expected to get an error that “login is not permitted”. Now try accessing the VPS using the newly created user. If this is a success, this means that the new user is properly set and the root user disabled.

Make a donation to support us

Web Hosting and email hosting Packages

Hosting In Kenya
Hosting In Nigeria
Other Countries

For web development services, SEO services, Digital marketing strategies, website set up services, web hosting and domain registration; contact Dynamic Technologies.

Related content:

Tags: ,