Industry guru Dave Taylor answers free tech support questions about a wide variety of business and technical topics, including blogging, Google AdSense, MySpace, Sony PSP, Apple iPod, Mp3 players, management, Linux, SEO, Mac OS X, Facebook, Twitter, LinkedIn and Microsoft Windows.

How do I enable root login with ssh?

Dave, I've been using ssh like a good Internet citizen to connect to my remote server, but for security reasons the ISP has disabled root login from ssh on every server. Problem is, I really need to be able to log in as root occasionally. How do I re-enable it?

Dave's Answer:

First off, are you absolutely sure this is something that you really want to do? Remember, you should have a regular user account already, and it's only a few extra keystrokes to ssh to your account, then use su or sudo to become root for specific tasks. That's what I do, and that's what I recommend too.

Further, you already know that you should have a really weird, impossible-to-break or guess root password, right? One tip: most Unixes let you have arbitrarily long passwords, so don't hesitate to do something that's more than the usual 6-8 characters, and, really, add some punctuation and mixed upper/lower case letters, at a minimum.

For example, my root password is                  . See what I mean?

More seriously, if you are convinced that you really do want to reenable root login through ssh then you'll want to follow these two simple steps:

  1. Open up /etc/ssh/sshd_config and set "PermitRootLogin" to "yes". (Your ISP probably set it to "without-password")
  2. You also need to restart the sshd process. This is done by killing the existing one (use ps -aux|grep sshd to get the process ID, then use kill to zap it), then restarting /usr/sbin/sshd

Again, make me feel more secure. Make sure you really want to do this, and then make sure that you have a really solid, impossible to guess root password.



Help others find this article at Del.icio.us, Digg, Netscape, Reddit, and Simpy.
Categorized: Unix and Linux Help   (Article 3985)
Tagged:
Previous: How does MSN Search's Search Builder function work?
Next: Microsoft Internet Explorer IE6 can't search from address bar?

Subscribe!

Never miss another useful Q&A article again! Subscribe to AskDaveTaylor with Google Reader.

Comments

Dave,

I'm with you on advising against loging on directyly to root using SSH.

It's hard to express how many problems that can cause and how insecure it may be compared to using the console provided by the hosting company.

That's the safest way to do it and it isn't that much slower or harder than directly loging on with SSH.

I certainly would never do it and would be interested in why he things he needs too log on that way.


F Woodman Jr

Posted by: F Woodman Jr at May 5, 2005 1:55 PM

Hi,
I am using an already built filesystem on my board running on MIPS architecture. It does not hav a root nor home. I want to enable it. Please can you guide me?

regards,
chandru.

Posted by: chandru at February 28, 2006 11:14 PM

Hi all,
i want also to access to another server using SSH but i don't want that he asks me the passwrd?!
please help!

Posted by: Reda at April 12, 2007 10:28 AM

Killing the sshd process as a remote user is rather dangerous. You will be logged out with no way to log back in. A better way to do this is to tell sshd to re-read its configuration file (as root):

kill -HUP process_id

Posted by: Iain Argent at December 19, 2007 3:33 AM

Hi Dave,

Great article!
I found an easier way to restart SSHD, so I thought I would share it:

/etc/init.d/sshd restart

Cheers,

Z-

Posted by: Zoltan at March 1, 2008 1:36 PM

I have a lot to say, but ...
Starbucks coffee cup I have a lot to say, and questions of my own for that matter, but most of all I'd like to say thank you for all your efforts on this Web site by buying you a chai!

I do have a comment, now that you mention it!









Remember personal info?


Please note that I will never send you any unsolicited commercial email. Ever.

While I'm at it, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site.









Search
Find just the answers you seek from among our 1700+ free tech support articles by using our Lijit search engine.


Help!
Ask Dave for Help!




Link To Dave!
• Buy Dave a Cuppa •
Media Queries

Subscribe to
Ask Dave Taylor!

Add to Google Reader
Add to My Yahoo!
Subscribe in NewsGator Online

RDF   XML

Free Updates!
Sign up and get free weekly updates and special offers on books, seminars, workshops and more.

Complete Archives

Recent Entries
Join the List!
Join my author info mailing list, where you'll learn about my upcoming books, speaking gigs, and more!


Book Links
CIG Growing Your Business with Google
Creating Cool Web Sites
Wicked Cool Shell Scripts
Learning Unix for Mac OS X Panther
Solaris 9 for Dummies
Teach Yourself Unix System Administration in 24 Hours
Teach Yourself Unix in 24 Hours
Creating Cool HTML 4 Web Pages
Dynamic HTML Weekend Crash Course
training - speaking - writing - business blog - photography - bio - tech support
© 2002 - 2008 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site.

[whiteboard marker tray]