Disable SSH (Secure Shell) “root” user login Linux / cPanel / WHM

I was hardening a server this morning and decided my reference for disabling root access within Linux / cPanel / WHM may benefit someone else.

Note: Some may end up here trying to find out how to disable the WHM’s  root user login. I do not believe that is possible.

Allow other users to su (substitute user)

  1. WHM > Security Center > Manage Wheel Group Users
  2. Add desired user(s) to Wheel Group

Disable root access

  1. Log into SSH as root
  2. Type vi /etc/ssh/sshd_config and hit Enter
  3. Type i (insert mode)
  4. Change PermitRootLogin yes to PermitRootLogin no
    • Hint: You can also change the port number to harden the server even further.
  5. Hit Escape and type :x (save and exit)
  6. Type service sshd restart

Confirm root is disabled

  1. Start new SSH session
  2. Try logging in as root
  3. You should see Access denied

Confirm user can become root

  1. Log in as a Wheel Group user
  2. Type su - and hit Enter
  3. Enter the root password
  4. No errors? You’re all set!
  5. Type exit and hit Enter to end root session
  6. Type exit and hit Enter to end user session

Optional: Change SSH port number

  1. Log into SSH as Wheel Group user
  2. Type su - and hit Enter
  3. Enter the root password
  4. Type vi /etc/ssh/sshd_config and hit Enter
  5. Type i (insert mode)
  6. Change Port 22 to something like Port 5678
    • New port number must be unique. Ports 5000 through 5999 are usually a safe range. Ask your data center when unsure.
  7. Hit Escape and type :x (save and exit)
  8. Type service sshd restart
  9. Type exit and hit Enter to end root session
  10. Type exit and hit Enter to end user session
  11. Log into SSH as a Wheel Group user using the new port number

These tasks are common knowledge to many of us, but try to remember, everyone was green at some point and needed help 😉

Leave a Reply

Your email address will not be published.