
How to disable root access in CentOS?


Warning: CentOS 7 reached its end-of-life (EOL) on June 30, 2024. This means it no longer receives security updates or support from the developers. It is strongly recommended to upgrade to a supported operating system version, such as CentOS Stream 9 or an alternative Linux distribution, to maintain security and stability.

Introduction

Directly using the root account on a Linux server is generally discouraged for security reasons, as it can expose your system to vulnerabilities. Instead, it is best practice to create a non-root user with sudo privileges, allowing privileged commands to be executed securely without directly logging in as root. This guide provides a step-by-step method for disabling root access on CentOS servers to enhance security.

Prerequisites

 

Step-by-Step Guide

Step 1: Log in to Your Server via SSH

To begin, log in to your CentOS server as root using an SSH client.

ssh root@your_server_ip

 

Step 2: Open the SSH Configuration File

Open the main SSH configuration file, sshd_config, which controls remote login settings.

vi /etc/ssh/sshd_config

 

Step 3: Locate the PermitRootLogin Setting

In the configuration file, locate the following line. By default, it may be commented out with a # symbol:

# PermitRootLogin no

 

Step 4: Disable Root Login

To disable root access, remove the # symbol and set PermitRootLogin to no as shown below:

PermitRootLogin no

This change tells the SSH service to deny root login attempts.

 

Step 5: Restart the SSH Daemon

After updating the configuration file, restart the SSH daemon to apply the changes:

    • For CentOS 6 or earlier:
/etc/init.d/sshd restart
    • For CentOS 7 and later:
systemctl restart sshd

 

Step 6: Verify Root Access Is Disabled

Attempt to log in as root again. If configured correctly, SSH will display an “Access Denied” message, confirming that root login is disabled. Use your new non-root user account with sudo privileges to access administrative functions.
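The edit from Steps 2 to 4 can also be scripted. The following is an added example, not part of the original article: it goes beyond the manual steps by also handling an sshd_config that contains Match blocks, where a directive appended at the end of the file would not be global and a PermitRootLogin line inside the block can still permit root for the connections it matches. The function names and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; function names and the sample config are constructed.
# Shared awk prelude: strip indentation, lowercase the keyword into k, and
# note when a Match block starts (fields are split on blanks or "=").
PRE='{ sub(/^[ \t]+/, ""); k = tolower($1) } k == "match" { in_match = 1 }'

# Global PermitRootLogin value; sshd keeps the first value read per keyword.
effective_root_login() {
    awk -F'[ \t=]+' "$PRE"' in_match { exit }
        k == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Line numbers of PermitRootLogin directives inside Match blocks, which
# override the global value for the connections they match.
match_overrides() {
    awk -F'[ \t=]+' "$PRE"' in_match && k == "permitrootlogin" { print NR }' "$1"
}

# Leave exactly one active global directive: PermitRootLogin no.
disable_root_login() {
    local cfg=$1 tmp
    tmp=$(mktemp) || return 1
    cp -p "$cfg" "$cfg.bak" || return 1        # rollback copy
    awk -F'[ \t=]+' '{ line = $0 } '"$PRE"'
        !in_match && k == "permitrootlogin" { next }   # drop old global values
        # A Match block runs to the next Match or EOF, so write the
        # directive before the first one to keep it global.
        k == "match" && !done { print "PermitRootLogin no"; done = 1 }
        { print line }
        END { if (!done) print "PermitRootLogin no" }' "$cfg" > "$tmp" &&
        cat "$tmp" > "$cfg"                    # cat keeps mode and SELinux label
    local rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: commented default, active "yes", and a Match override.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PermitRootLogin yes' \
    'Match Address 192.0.2.0/24' '    PermitRootLogin yes' > "$sample"
disable_root_login "$sample"
echo "global: $(effective_root_login "$sample")"
echo "Match overrides at line(s): $(match_overrides "$sample")"
```

On a real server, run sshd -t after editing /etc/ssh/sshd_config and restart the daemon only if it exits without errors. Keep the current root session open until the non-root sudo user has logged in from a second terminal.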

 

Conclusion

By disabling root access, server security is strengthened, limiting potential attack vectors associated with the root user. Always ensure that at least one non-root user has sudo privileges for administrative control. Regular security practices, like disabling root access, are especially important on EOL systems like CentOS 7, which lack ongoing security updates.

Should you have any inquiries about the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.

 

Article posted on 16 April 2020