So, you’ve just deployed your shiny new VPS. You’ve logged in as root, typed a few commands, maybe installed Postfix, and thought:
“This is easy. I’m basically a sysadmin now.”
But let me tell you something real quick:
If you’re still logging in as root, you’re basically asking to get hacked.
It’s like leaving your bike unlocked in front of a sign that says “Free Bike Test Ride!”
Let’s fix that, shall we?
🧠 Why You Should Never Use Root Over SSH
Logging in as root means:
- Full access
- No second chance
- One wrong command and… 💥
Also: bots LOVE brute-forcing root. It’s the first user they try.
Disabling root login over SSH is one of the simplest — yet most effective — ways to harden your server.
Let’s lock it down.
👨🔧 Step 1: Create a Non-root User
If you haven’t already, let’s add a new user:
adduser dethinked
Give it a password and follow the prompts.
Then add it to the sudo group:
usermod -aG sudo dethinked
Now your new user can use sudo to execute administrative commands.
🔑 Step 2: Copy Your SSH Key to the New User
If you’re already using SSH key authentication (which you should), copy your public key to the new user:
ssh-copy-id dethinked@yourserver
Test that it works:
ssh dethinked@yourserver
If you land in the server — congrats, you’re almost rootless 😎
🛑 Step 3: Disable Root Login via SSH
Now, let’s lock the front door.
Open the SSH config:
sudo nano /etc/ssh/sshd_config
Find:
PermitRootLogin yes
Change it to:
PermitRootLogin no
Optionally, while you’re here, disable password login entirely:
PasswordAuthentication no
(Ssh keys only, baby 🔐)
Save and exit.
🔁 Step 4: Restart the SSH Service
Let’s apply the changes:
sudo systemctl restart ssh
⚠️ WARNING: Don’t close your current session until you’ve tested the new one!
Open a new terminal and try logging in as your new user to be sure.
🚨 What If I Lock Myself Out?
Don’t panic. Well… maybe panic a little.
If you’re using a cloud VPS provider like DigitalOcean or AWS, you can usually:
- Access a web-based console
- Reset your SSH settings
- Or boot into rescue mode
But better idea? Test everything first before restarting or logging out!
✅ Final Check
Here’s your post-root sanity checklist:
| Task | Status |
|---|---|
| Created non-root user | ✅ |
| Added SSH key to new user | ✅ |
| Disabled root login | ✅ |
| Tested new login | ✅ |
🔐 Final Thoughts
Disabling root login won’t make you invincible — but it closes a huge door that hackers love to knock on.
You’re not just running a server now.
You’re running a safer server — and that’s a flex. 😎
Leave a Comment