Security Tutorial: Disable Root SSH Access to a 1&1 Cloud Server Running Linux

Table of Contents

Introduction

Learn how to disable SSH access for the root account on a 1&1 Cloud Server running Linux. For security reasons, disabling root SSH access to a server is considered a "best practice" for Linux administration. Instead of connecting to a server as root, users will log in to a server with their own user accounts. They can then switch to root with the su command if necessary.

Requirements

  • A 1&1 Cloud Server running Linux (any distribution)

For information on how to create a user account and grant sudo access, see our article "Add, Remove, and Manage Users on a Cloud Server Running Linux".

If You Lock Yourself Out: Access Your Server Through the KVM Console

If you accidentally lock out all SSH connections on a 1&1 Cloud Server with Linux, you can access your server through the KVM Console to fix the problem.

From the Control Panel, click 1and1 Cloud Panel.

Accessing Cloud Server KVM console: click Cloud Panel

Click to select your server.

Accessing Cloud Server KVM console: click to select your server

Click Actions then Access KVM Console.

Accessing Cloud Server KVM console: access the KVM console

This will load the KVM Console, which will allow you to access your server as if you were sitting at a keyboard connected directly to the machine.

The Cloud Server KVM console

From here you can log in as the root user and correct the problem.

Disable SSH Login for Root

To disable SSH login, edit the /etc/ssh/sshd_config file:

sudo nano /etc/ssh/sshd_config

Scroll down until you find the line:

#PermitRootLogin yes

Remove the # (if present) and change yes to no so that the line reads:

PermitRootLogin no

Restart the sshd service for the changes to take effect:

systemctl restart sshd

Exit the SSH session and attempt to SSH to the server as root. After entering the password, your connection will be refused with the message "Access denied."

From this point forward, SSH to your server as your user account, then escalate to root as needed with the command:

su - root

Comments

Tags: Linux / Security