In some special cases we need to prevent root from using SSH to log on locally or remotely to increase security. Below is a detailed description of how to disable root login.
- Disable Root Local Login
- Disable root remote SSH login
Disable Root Local Login
Modify the /etc/pam.d/login
file to add the following line
auth required pam_succeed_if.so user != root quiet
Disable root remote SSH login
Modify the /etc/ssh/sshd_config
file to
#PermitRootLogin yes
Revision changed to
PermitRootLogin no
Note the preceding #
comment characters when modifying. Don't forget to restart the service at the same time sshd
. Prohibit later, you can use the normal user login, after logging in if you need root
permission, you can use su
to switch to the root
user. Or configure sudo
the use of certain permissions for ordinary users root
. This can increase the security of the system to some extent.
CentOS How to disable root local or remote SSH login