π« Disable Root Login (Safely) β
Disabling root login over SSH is a great way to improve your serverβs security β but you must do it after youβve set up a non-root user with SSH key access.
This guide helps you safely disable root SSH login without locking yourself out.
Step 1: Ensure You Have a Non-Root User β
Log in to your VPS as root
and create a new user (replace astro
with your preferred username):
adduser astro
Add the user to the sudo
group:
usermod -aG sudo astro
β οΈ This user will now have admin privileges using
sudo
.
Step 2: Copy Your SSH Key to the New User β
Assuming your SSH public key is already on the server (from your earlier setup), copy it to the new user:
rsync --archive --chown=astro:astro ~/.ssh /home/astro
Or manually:
mkdir /home/astro/.ssh
cp ~/.ssh/authorized_keys /home/astro/.ssh/
chown -R astro:astro /home/astro/.ssh
chmod 700 /home/astro/.ssh
chmod 600 /home/astro/.ssh/authorized_keys
Step 3: Test Your New Login β
Before making any changes, open a new terminal window and try logging in as the new user:
ssh astro@your_vps_ip
If it works β and you can run sudo
commands β you're good to go.
Step 4: Disable Root SSH Access β
Once you're sure the new user works, edit the SSH config:
sudo nano /etc/ssh/sshd_config
Find or add the line:
PermitRootLogin no
Save and restart SSH:
sudo systemctl restart sshd
β Done! β
Root login over SSH is now disabled β but you still have full access through your new user with SSH keys.
π Security tip: You can also change the default SSH port for extra protection, or use a firewall to limit IPs.
Built by Node Runners.
For the Networks We Believe In.
π astrostake.xyz