Industry guru Dave Taylor offers tech support on technical and business topics, including iPhone, iPod, Microsoft Windows, Sony PSP, cellphones, online advertising, CSS, Web design, business, Unix, Linux, SEO, Mac OS X, and shell script programming.     


How do I enable root login with ssh?

Dave, I've been using ssh like a good Internet citizen to connect to my remote server, but for security reasons the ISP has disabled root login from ssh on every server. Problem is, I really need to be able to log in as root occasionally. How do I re-enable it?


Dave's Answer:

First off, are you absolutely sure this is something that you really want to do? Remember, you should have a regular user account already, and it's only a few extra keystrokes to ssh to your account, then use su or sudo to become root for specific tasks. That's what I do, and that's what I recommend too.

Further, you already know that you should have a really weird, impossible-to-break or guess root password, right? One tip: most Unixes let you have arbitrarily long passwords, so don't hesitate to do something that's more than the usual 6-8 characters, and, really, add some punctuation and mixed upper/lower case letters, at a minimum.

For example, my root password is                  . See what I mean?

More seriously, if you are convinced that you really do want to re-enable root login through ssh, then you'll want to follow these two simple steps:

  1. Open up /etc/ssh/sshd_config and set "PermitRootLogin" to "yes". (Your ISP probably set it to "without-password")
  2. You also need to restart the sshd process. This is done by killing the existing one (use ps -aux|grep sshd to get the process ID, then use kill to zap it), then restarting /usr/sbin/sshd

Again, make me feel more secure. Make sure you really want to do this, and then make sure that you have a really solid, impossible to guess root password.
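Before and after touching step 1, it helps to see what the file actually tells sshd about root. The script below is an added example, not part of the original answer; the function names and the sample config are made up for illustration, and it assumes plain whitespace-separated "Keyword value" lines in a single file.

```shell
#!/bin/sh
# Added example (not from the original article): report what an sshd_config
# file really says about root login. Assumptions: "Keyword value" lines;
# Include files and Match blocks are not evaluated.

# Print the first active PermitRootLogin value in the global section.
# sshd keeps the first value it reads for a keyword, so later duplicates
# are ignored, and lines starting with "#" are comments that set nothing.
effective_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comment or blank line
        tolower($1) == "match"   { exit }  # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }  # compiled-in default applies
    ' "$1"
}

# Print "yes" if the user lists would refuse root even when PermitRootLogin
# allows it: root named in DenyUsers, or an AllowUsers list without root.
# Only exact "root" tokens are checked, not patterns such as r* or root@host.
root_refused_by_user_lists() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == "denyusers"  { for (i = 2; i <= NF; i++) if ($i == "root") deny = 1 }
        tolower($1) == "allowusers" { allow = 1; for (i = 2; i <= NF; i++) if ($i == "root") ok = 1 }
        END { if (deny || (allow && !ok)) print "yes"; else print "no" }
    ' "$1"
}

# Constructed sample config: a commented-out line, an early restrictive
# value, and a later "yes" that sshd will ignore.
sample_config() {
    cat <<'EOF'
#PermitRootLogin yes
Port 22
PermitRootLogin without-password
AllowUsers admin client1
PermitRootLogin yes
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
echo "PermitRootLogin (effective): $(effective_root_login "$tmp")"
echo "root refused by user lists:  $(root_refused_by_user_lists "$tmp")"
rm -f "$tmp"
```

On a real host, point the functions at /etc/ssh/sshd_config; running sshd -t checks an edited file for errors before the daemon is told to re-read it.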


Reader Comments To Date: 19

F Woodman Jr said, on May 5, 2005 1:55 PM:

Dave,

I'm with you on advising against logging on directly to root using SSH.

It's hard to express how many problems that can cause and how insecure it may be compared to using the console provided by the hosting company.

That's the safest way to do it and it isn't that much slower or harder than directly logging on with SSH.

I certainly would never do it and would be interested in why he thinks he needs to log on that way.


F Woodman Jr

chandru said, on February 28, 2006 11:14 PM:

Hi,
I am using an already built filesystem on my board running on MIPS architecture. It does not have a root nor home. I want to enable it. Please can you guide me?

regards,
chandru.

Reda said, on April 12, 2007 10:28 AM:

Hi all,
I also want to access another server using SSH but I don't want it to ask me for the password?!
Please help!

Iain Argent said, on December 19, 2007 3:33 AM:

Killing the sshd process as a remote user is rather dangerous. You will be logged out with no way to log back in. A better way to do this is to tell sshd to re-read its configuration file (as root):

kill -HUP process_id

Zoltan said, on March 1, 2008 1:36 PM:

Hi Dave,

Great article!
I found an easier way to restart SSHD, so I thought I would share it:

/etc/init.d/sshd restart

Cheers,

Z-

Trashman said, on July 27, 2008 8:17 PM:

Ok. I just got to say it... What's the big deal about allowing root login on ssh? Seriously. As you say: "make sure that you have a really solid, impossible to guess root password" well, that should be obvious for _every_ user account. Furthermore, if your basic user account has su or sudo access, you can su to root anyway so disabling root login has not gained you any security. Hacker figures out your user account password (because you used your birth date like you do on _all_ your accounts), then she logs in to your machine, su's to root, makes the change in sshd_config and restarts ssh. Ok, now she has root login access. Moral of the story is make better passwords. The only thing that might happen with root login access is: you get a little drunk, forget you're root and run 'rm -Rf /*'. Oops, too bad you weren't logged in as a regular user!

Matt said, on August 28, 2008 11:15 AM:

You can also use: service sshd restart

saif shaikh said, on December 2, 2008 8:08 AM:

Hi, I cannot see anything in the /etc/ssh/sshd_config. This comes up as blank?? I am doing this as root remotely. Help

fisharoundthebend said, on February 15, 2009 12:23 PM:

ok... but how to enable root to login on ubuntu? I have installed ssh and I can try to log in but after a few seconds I receive Access Denied message.

fisharoundthebend said, on February 15, 2009 12:26 PM:

forgot to add that I am trying not to use GUI, just the cli.

salim said, on March 8, 2009 9:43 PM:

thank you.... it helped for me in freebsd 5.5

WISSSOOO said, on April 28, 2009 1:30 AM:

dave,

I'm getting the following error when I'm starting the ssh service: "/var/chroot/sshd should be owned by root not group or world-writable". I changed the ownership to root.wheel but still, any idea?

Dave Taylor said, on April 28, 2009 6:56 AM:

WISSOO, I think I'd check the permissions of the enclosing directory in addition to the permissions and ownership of the file itself.

Felipe said, on July 28, 2009 5:07 AM:

I may have root enabled but I also have a powerful port guard called fail2ban.
3 wrong attempts and your IP is banned for a long time.
This will avoid sshater scripts, brute forcing ssh which is not that hard to do.
Take a look at how to set up fail2ban for ssh
http://felipeferreira.net/?p=47

Ian Vaughan said, on January 14, 2010 6:45 AM:

I was already successfully logging in as root without this setting enabled.

I was however getting "Access denied" printf in between the "Loging as..." and "...password:" printfs???

david said, on May 23, 2010 3:05 PM:

also check that at the bottom of the sshd_config file there are not any default deny root etc lines as well as the previous permitting root login.
d.

ed said, on July 16, 2010 7:36 PM:

Our host lets us enable root access but then we cannot switch it off. We only want to change php.ini and to have ssh connection. It seems like overkill? What do you recommend?

Ron Gordon said, on September 30, 2010 7:48 AM:

Instead of stopping and starting sshd, which will log you out, use ps -ef|grep sshd to find the pid, then # kill -HUP pid
That will restart sshd, and direct root login will now work. (Just don't tell the security manager)

Alex van Rijs said, on November 8, 2010 8:37 AM:

Yesterday one of my clients asked me to give them SSH privileges to their home directory.

So I edited the SSHD_CONFIG file, and added the line:
#AllowUsers admin, client1, client2
and
#DenyUsers admin is still mentioned in the file. Both lines are inactive because of the: #.

I am only able to log in with admin privileges and not with root privileges. And because I don't have these privileges I cannot restore the SSHD_CONFIG file with the original one.

Does anyone have any idea on how to change the SSHD_CONFIG file without root privileges?

Alex van Rijs

© 2002 - 2013 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. My lawyer says "Thanks".
"Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.