📒 

By default, Ubuntu disables root login over SSH for security reasons. This restriction helps to protect servers from unauthorized access, as the root account has full control over the system. However, in certain situations, such as troubleshooting or performing administrative tasks, you may need to enable root login via SSH. In this guide, we’ll walk through the process of enabling root login over SSH in Ubuntu while emphasizing some important security considerations.

Important Security Considerations

Before enabling root login via SSH, keep in mind that doing so can expose your system to significant security risks. Here are a few precautions you should take:

  • Use a Strong Password: Ensure that the root password is complex and difficult to guess.
  • Enable Firewall: Use ufw or another firewall to limit access to SSH only from trusted IP addresses.
  • Use SSH Keys: It is recommended to use SSH keys for authentication rather than relying solely on passwords.
  • Disable Root Login When Done: After completing your administrative tasks, disable root login to minimize potential risks.

Prerequisites

  • A user account with sudo privileges.
  • SSH access to your Ubuntu server.

Step 1: Enable Root User Password

If you haven’t already set a password for the root user, you need to do so. By default, Ubuntu disables root login by not setting a password for the root account. To set or change the root password, run the following command:

sudo passwd root

You will be prompted to enter a new password for the root user. Make sure to choose a strong password. After you confirm the new password, the root account will be enabled.

Step 2: Edit the SSH Configuration File

To enable root login via SSH, you need to modify the SSH daemon configuration file, sshd_config.

  1. Open the SSH configuration file using your preferred text editor. For example:
    sudo nano /etc/ssh/sshd_config
  2. Look for the following line in the configuration file:
    PermitRootLogin prohibit-password

    This line means that root login is disabled for password authentication but may be allowed with SSH keys.

  3. Change this line to:
    PermitRootLogin yes

    This change will allow the root user to log in using a password.

  4. Save the changes and exit the editor. If you are using nano, you can save by pressing CTRL + O, then press Enter and exit with CTRL + X.

Step 3: Restart the SSH Service

For the changes to take effect, you need to restart the SSH service:

sudo systemctl restart ssh

Alternatively, you can use:

sudo service ssh restart

This command will apply the new settings and enable root login over SSH.

Step 4: Test Root SSH Login

Now that you have enabled root login, it’s time to test it:

  1. Open an SSH client or terminal.
  2. Connect to your server using the root username:
    ssh root@your_server_ip
  3. Enter the root password that you set earlier.

If everything is configured correctly, you should be able to log in as the root user.

Step 5: Revert Changes After Use (Recommended)

For security reasons, it’s best to disable root login over SSH once you’ve completed the necessary tasks. To do this:

  1. Open the SSH configuration file again:
    sudo nano /etc/ssh/sshd_config
  2. Change the PermitRootLogin option back to:
    PermitRootLogin prohibit-password
  3. Restart the SSH service:
    sudo systemctl restart ssh

This will disable root login again, allowing access only through user accounts with sudo privileges.