Securing remote server access is paramount for system administrators and developers. While it’s common practice to disable root login over SSH due to security concerns, there are scenarios where enabling it is necessary, such as when managing a remote server without a user account or for specific administrative tasks. This article guides you through enabling SSH root login on Ubuntu or Debian Linux servers or desktops, ensuring you can access your system with the necessary precautions.
In this tutorial you will learn:
- How to set the root password on your Linux system
- Editing the SSH daemon configuration to permit root login
- Restarting the SSH service to apply changes
- Logging in as root via SSH
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Ubuntu or Debian Linux server or desktop |
| Software | SSH server (OpenSSH) |
| Other | Terminal access to the Linux system |
| Conventions | # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Understanding the Risk
Attempting to SSH into your server as the root user without the proper configuration yields a “Permission denied” error:
$ ssh root@ubuntu-server root@ubuntu-server's password: Permission denied, please try again. root@ubuntu-server's password: Permission denied, please try again. root@ubuntu-server's password:
This is a security measure to prevent unauthorized root access to your server. However, with the right precautions and understanding the risks, you can enable root login over SSH safely.
Allowing root to SSH directly into a system poses significant security risks. The root account has unrestricted access to all commands and files on a server, making it a prime target for attackers. If an attacker manages to compromise the root password, they gain complete control over the server, leading to potential data loss, data theft, or unauthorized changes to system configurations. Furthermore, it’s more challenging to audit system access and changes when multiple individuals use the root account to log in. Implementing a policy where users SSH into the system using their individual accounts, escalating to root only when necessary, enhances security by providing an audit trail and minimizing the risk of a complete system compromise.
- Setting the Root Password: It’s essential to ensure that a root password is already set before proceeding. On Debian systems the root password was most likely already configured during installation. If you’re unsure or need to update the root password for any reason, you can set or change it using the
sudocommand.$ sudo passwd
Setting the Root Password You will be prompted to enter your current sudo password, followed by the new root password you wish to set. This command updates the root password, securing your account with a new password.
- Editing SSH Configuration: The next step involves editing the SSH daemon configuration file to permit root login. Access the
sshd_configfile using a text editor like nano.$ sudo nano /etc/ssh/sshd_config
In the configuration file, find the line that says
PermitRootLoginand change it toyes. This action allows the root user to log in via SSH.
Editing SSH Configuration – Add line “PermitRootLogin yes” - Restarting the SSH Service: For the changes to take effect, the SSH service must be restarted. This can be done using the systemctl command.
$ sudo systemctl restart ssh
Restarting the service applies the configuration changes, making it possible to log in as root over SSH.
- Logging in as Root: With the SSH service restarted and root login enabled, you can now log in to your server as root via SSH.
$ ssh root@ubuntu-server
This command initiates a secure connection to your server as the root user. You’ll be prompted to enter the root password you set earlier.
Logging in as Root
Conclusion
Enabling SSH root login on Ubuntu or Debian systems requires careful consideration due to the security implications. By following this guide, you can securely set up root access for your server, ensuring that you maintain the highest security standards. Always use strong passwords and consider implementing additional security measures, such as SSH key authentication and two-factor authentication, to protect your server.