SSH Best Practices: Disable Root Login and Use SSH Keys

Summarize with:
Share:

SSH root login security is one of the most critical aspects of protecting your server from unauthorized access. In this guide, we’ll walk you through two essential security measures: disabling root login and using SSH keys for authentication.

Why SSH Security Matters

Secure Shell (SSH) is the primary method for accessing and administering Linux servers remotely. Weak SSH configurations can compromise SSH root login security, exposing your system to brute-force attacks, credential stuffing, and unauthorized logins — especially when root access is allowed or password-based logins are enabled.

Step 1: Disable Root Login

The root user has full control over the system. Allowing root to log in over SSH can be dangerous — especially if password authentication is enabled.

How to Disable Root Login

1. Connect to your server using a non-root user (or root for now if it’s your first time).

2. Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

3. Find the line:

PermitRootLogin yes

And change it to:

PermitRootLogin no

If the line doesn’t exist, add it at the end of the file.

4. Save and exit (Ctrl+X, then Y and Enter).

5. Restart the SSH service:

sudo systemctl restart sshd

Important: Ensure you’ve created a non-root user with SSH access before disabling root login.

Secure Your Server – Disable Root & Use SSH Keys

Protect SSH Access – Follow Best Practices

Explore SSH Best Practices

Step 2: Use SSH Key Authentication

SSH key pairs offer strong, password-less authentication that is extremely difficult to brute-force.

How to Set Up SSH Keys

On Your Local Machine (Client)

1. Generate a key pair:

ssh-keygen -t rsa -b 4096 -C "[email protected]"
  • Press Enter to accept the default path (~/.ssh/id_rsa).
  • Set a passphrase for extra security (optional but recommended).

2. Upload the public key to the server:

ssh-copy-id username@your-server-ip

Or manually:

cat ~/.ssh/id_rsa.pub | ssh username@your-server-ip "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

3. Test your login:

ssh username@your-server-ip

Once you’ve confirmed key-based login works, disable password login to strengthen SSH root login security and eliminate password-based attacks.

1 Edit the SSH config:

sudo nano /etc/ssh/sshd_config

2. Change or add:

PasswordAuthentication no

3. Restart SSH:

sudo systemctl restart sshd

Your server will now only accept SSH connections using keys.

Additional Tips

  • Use Fail2Ban to block repeated failed login attempts.
  • Change the default SSH port (22) to a custom port (e.g., 2222) to reduce bot scans.
  • Ensure your .ssh folder and files have the correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Round-the-Clock Support

Our certified experts are always available to resolve issues, ensure compliance, and maintain performance. For more information, contact our experts!


Summary

Security MeasureRecommended Action
Disable Root LoginYes
Use SSH Key AuthenticationYes
Disable Password LoginStrongly Recommended

By following these SSH best practices, you significantly reduce the risk of unauthorized access to your server infrastructure.

Need assistance implementing this on your servers? Contact our support team.

Promo popup for the HostingB2B New Customers - 10% off all Products
Hosting B2B LTD is a Company registered in Cyprus with Company number HE410139 and VAT CY10410139C

HOSTING

SOLUTIONS

LEGAL

Facebook-f X-twitter Linkedin-in Youtube Instagram
© 2025 All Rights Reserved. HostingB2B

Dedicated Servers / Bare Metal

Security

AI Infrastructure

GPU Hosting

Application Hosting

WordPress Hosting

Web Hosting

VPS Hosting

Solutions as a Service

Networking

Colocation Hosting

S3 Object Storage

Cloud Hosting

iGaming

Datacenter & Network Information

Company Blog

Legal

Company Info

Careers & Affiliates

Hosting B2B LTD is a Company registered in Cyprus with Company number HE410139 and VAT CY10410139C

Address

Contact Info

Social Media

Facebook-f X-twitter Linkedin-in Youtube Instagram
© 2025 All Rights Reserved. HostingB2B