By default remote root login is disabled in Ubuntu 14.04 / 14.10 & 15.04, means we can not do ssh to Ubuntu machine as root directly. To ssh a Ubuntu machine first we have to login as non-root user and then you can switch or become root user.
In this article we will discuss how to enable remote ssh for root user in Ubuntu .
Try to SSH Ubuntu Machine before making any changes :
Now Make the below Changes to enable ssh for root.
Edit the file “/etc/ssh/sshd_config” , replace “PermitRootLogin without-password ” with “PermitRootLogin yes”
root@Linux-world:~# vi /etc/ssh/sshd_config #PermitRootLogin without-password PermitRootLogin yes StrictModes yes
Save & exit the file.
Restart the SSH service using below command.
root@Linux-world:~# /etc/init.d/ssh restart [ ok ] Restarting ssh (via systemctl): ssh.service. root@Linux-world:~#
Now Try to ssh as root user.
nextstep4it@localhost:~$ ssh email@example.com firstname.lastname@example.org's password: Welcome to Ubuntu 15.04 (GNU/Linux 3.19.0-15-generic x86_64) * Documentation: https://help.ubuntu.com/ 244 packages can be updated. 144 updates are security updates. Last login: Tue Sep 15 10:03:17 2015 from localhost.home root@Linux-world:~#
Usually this is not recommended because there’s a chance (however small it may be) that an attacker can either get your private key or guess your password and if you allow root logins through SSH then the attacker can basically do anything on your system (from installing keyloggers/malware/trojans/viruses to anything and everything).
If this is also considered by Sysadmins as a means to manage a bunch of systems, simply don’t; there are other systems (ie chef and puppet) for that task more secure than what’s proposed here.
It might be a good idea to put security first and convenience second.
Why would you do that? Sudo anyone? I just used it twice to ssh into my EC2 box to set up the email alias for this comment.
As a security precaution root login via ssh should only be allowed with keys and passphrase — never just the password — and access to the ssh server should only be allowed from pre-defined IP addresses eg the local LAN or selected Internet addresses using a firewall on the machine or on the router.