November 16, 2020

How to disable root login on your SSH

Abhishek Thakur

This article describes how to disable SSH logins for the root account. For security reasons, you should create a normal user account, and then disable SSH logins for the root account as soon as possible.

The following procedures only apply to unmanaged accounts. Shared and reseller hosting accounts (with the exception of managed VPS accounts with root access) do not have root access to the server.

Step 1: Create a normal user account

Before you disable SSH logins for the root account, you must create a normal user account. (Otherwise, you will be unable to access your server when you disable the root account for SSH logins.)

CentOS and Fedora

To create a user and grant it administrative privileges on a server running CentOS or Fedora, follow these steps:

  • Log in to the server using SSH.

  • At the command prompt, type the following command.

  • Replace username with the name of the user that you want to add:

  • Type the following command, replacing username with the name of the user that you created in step 2:

  • To grant administrative privileges to the user, type the following command:

This command opens the sudoers file for editing.

  • Add the following line to the file. Replace username with the name of the user that you created in step 2:

Now the user can run commands as the root user by prefixing the command with sudo. For example, the user can view the root home directory by typing the command sudo ls /root. The user can now run any command as the root user. For security reasons, however, you may want to restrict which commands the user can run as root. Alternatively, you can use the su command to change to the root user account from any account (assuming you know the root password).

Debian and Ubuntu

To create a user and grant it administrative privileges on a server running Debian or Ubuntu, follow these steps:

  • Log in to the server using SSH.

  • At the command prompt, type the following command.Replace username with the name of the user that you want to add:

  • Install the sudo package. To do this, type the following command:

  • To add the user to the sudo group, type the following command. Replace username with the name of the user that you created in step 2.

By default, the user can now run any command as the root user. For security reasons, however, you may want to restrict which commands the user can run as root by using the visudo command. Alternatively, you can use the su command to change to the root user account from any account (assuming you know the root password).

Step 2: Disable SSH login for root

After you create a normal user, you can disable SSH logins for the root account. To do this, follow these steps:

  • Log in to the server as root using SSH.

  • Open the /etc/ssh/sshd_config file in your preferred text editor (nano, vi, etc.).

  • Locate the following line:

  • Modify the line as follows:

  • Add the following line. Replace username with the name of the user you created in the previous procedure:


This step is crucial. If you do not add the user to the list of allowed SSH users, you will be unable to log in to your server!

  • Save the changes to the /etc/ssh/sshd_config file, and then exit the text editor.

  • Restart the SSH service using the appropriate command for your Linux distribution:

        • For CentOS and Fedora, type:

        • For Debian and Ubuntu, type:

While still logged in as root, try to log in as the new user using SSH in a new terminal window. You should be able to log in. If the login fails, check your settings. Do not exit your open root session until you are able to log in as the normal user in another window.


Did you find this article helpful? Then you’ll love our support. Experience the 99RDP Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

Popular Blog Posts