Editing SSH Config to Permit Password Login on Root

Lead Engineer @ Packetware


The Secure Shell (SSH) protocol provides a secure and encrypted method for remote administration and file transfers over potentially insecure networks. By default, SSH is configured with security best practices in mind, often disabling root login with a password to prevent unauthorized access. However, certain scenarios may require enabling password login for the root user. Below is a step-by-step tutorial on how to edit the SSH configuration to permit this.

Disclaimer: Enabling password login for the root user can expose your system to potential security risks. It is strongly advised to thoroughly assess the necessity and implement additional protective measures such as using a strong password, configuring allowed IP addresses, and enabling firewall restrictions.

Step 1: Access the Server

Before making changes to SSH configurations, you need to have access to the server where the changes will be made. This is typically done via SSH itself.

ssh your_username@server_ip

Step 2: Back Up the Current SSH Configuration

It's always good practice to back up the current configuration file before making any changes. This allows you to revert to the original configuration in case anything goes wrong.

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Step 3: Edit the SSH Configuration File

Open the SSH configuration file using a text editor of your choice (e.g., nano, vi, or vim). The file you need to edit is /etc/ssh/sshd_config.

sudo nano /etc/ssh/sshd_config

Step 4: Modify the Configuration

In the sshd_config file, look for the line that begins with PermitRootLogin. You need to change its value. If the line is commented (preceded by a #), remove the # to uncomment it.

Change:

#PermitRootLogin prohibit-password

To:

PermitRootLogin yes

Additionally, ensure the PasswordAuthentication directive is set to yes to allow password authentication:

PasswordAuthentication yes

Step 5: Save and Exit

After making the necessary changes, save the file and exit the editor. In nano, this is done by pressing CTRL + X, then Y, followed by Enter.

Step 6: Restart the SSH Service

For the changes to take effect, restart the SSH service on your server.

sudo systemctl restart sshd

On some systems, the service might be named ssh instead of sshd. You can check the service status to confirm the name:

sudo systemctl status sshd

or

sudo systemctl status ssh

Step 7: Test the Configuration

It's crucial to verify that SSH is functioning as expected after the changes. Attempt to log in as the root user with a password from a different terminal session or another device.

ssh root@server_ip
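
A check worth running between Step 5 and Step 6, shown as an added example that is not part of the original tutorial: sshd uses the first value it reads for each keyword, so an earlier line can silently override the one edited in Step 4. The function name effective_value, the drop-in file 10-example.conf and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): predict which value sshd
# will use for a global keyword. sshd keeps the FIRST value it reads, so a
# line that comes earlier than the one edited in Step 4 wins.

# effective_value KEYWORD FILE...
# Assumption: FILEs are listed in the order sshd reads them (the caller
# expands any Include lines by hand). Prints the value, or "unset".
effective_value() {
    kw=$1; shift
    awk -v want="$kw" '
        BEGIN { want = tolower(want); val = "unset" }
        FNR == 1 { in_match = 0 }                # new file: back to global scope
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        tolower($1) == "match" { in_match = 1 }  # conditional block starts
        in_match { next }                        # ignore settings inside Match
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$@"
}

# Constructed sample: a drop-in that is read first, then the main file as it
# looks after Step 4.
sample=$(mktemp -d)
cat > "$sample/10-example.conf" <<'EOF'
PasswordAuthentication no
EOF
cat > "$sample/sshd_config" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
Match Address 203.0.113.0/24
    PermitRootLogin prohibit-password
EOF

for k in PermitRootLogin PasswordAuthentication; do
    printf '%s -> %s\n' "$k" \
        "$(effective_value "$k" "$sample/10-example.conf" "$sample/sshd_config")"
done

# On the real server (as root), let sshd itself answer before Step 6:
#   sshd -t     # syntax check of the configuration, silent when it is valid
#   sshd -T | grep -Ei '^(permitrootlogin|passwordauthentication) '
```

In the sample, PasswordAuthentication resolves to no even though the main file says yes, which is the situation where the root password login in Step 7 is refused despite a correct edit.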

Important Security Note

  • Use Strong Passwords: Ensure that the root user password is robust, combining uppercase letters, lowercase letters, numbers, and symbols.

  • Limit Access: Consider restricting root login to specific IP addresses or networks using firewall rules or the /etc/hosts.allow and /etc/hosts.deny files.

  • Consider Alternatives: Instead of enabling root login, consider using a regular user account with sudo privileges or SSH key-based authentication.

By following these steps, you can modify your SSH configuration to permit password login for the root user. Always weigh the security implications of enabling such access and consider implementing additional security measures.