Login Get Started
Hostxpeed
Login Get Started →
Getting Started

How to Disable Root Login (for security)

5 min read
21 views
Jun 10, 2026

Prerequisites

Before disabling root login, make sure you have:

  • A working sudo user account with SSH access
  • Tested that your sudo user can run commands with sudo
  • SSH access to your VPS

⚠️ Critical: Do NOT disable root login until you have verified your sudo user works. Otherwise you will lock yourself out!

Step 1: Connect with Your Sudo User

ssh username@YOUR_SERVER_IP -p 22

Replace username with your sudo user (not root).

Step 2: Test Sudo Access

Verify you can run privileged commands:

sudo whoami

Should output:

root

Step 3: Edit SSH Configuration

sudo nano /etc/ssh/sshd_config

Step 4: Find and Change PermitRootLogin

Locate the line:

PermitRootLogin yes

Change it to:

PermitRootLogin no

If the line is commented out (# at start), remove the # and change it.

If the line doesn't exist, add it:

PermitRootLogin no

Step 5: Save and Exit

In nano: Press Ctrl+X, then Y, then Enter.

Step 6: Verify SSH Configuration

Check for syntax errors before restarting:

sudo sshd -t

If no output, configuration is valid.

Step 7: Restart SSH Service

sudo systemctl restart sshd

For older systems:

sudo service ssh restart

Step 8: Test That Root is Disabled

Open a new terminal and try to login as root:

ssh hxroot@YOUR_SERVER_IP -p 22

You should see:

Permission denied (publickey,password).

Step 9: Test Your Sudo User Still Works

In the new terminal, connect with your sudo user:

ssh username@YOUR_SERVER_IP -p 22
sudo ls /root

Should work and show root directory contents.

Alternative: Disable Root Password but Allow Key

More secure than completely disabling:

sudo nano /etc/ssh/sshd_config

Set:

PermitRootLogin prohibit-password

This allows root login with SSH keys only.

Set Up Sudo User (If You Haven't Already)

If you don't have a sudo user, create one before disabling root:

adduser username
usermod -aG sudo username

Additional Security After Disabling Root

  • Change SSH port from 22 to something else:
sudo nano /etc/ssh/sshd_config
Port 2222
sudo systemctl restart sshd
  • Disable password authentication (use SSH keys only):
PasswordAuthentication no
  • Install Fail2ban:
sudo apt install fail2ban -y

If You Get Locked Out

If you accidentally lock yourself out:

  1. Use Hostxpeed portal to access server console
  2. Contact Hostxpeed support for emergency access
  3. Reinstall OS (last resort)

To recover via portal:

  1. Log in to Hostxpeed Client Area
  2. Go to My Services → Your VPS
  3. Look for "Console Access" or "Recovery Console"
  4. Use console to re-enable root login

Verify Root Login Status from Inside Server

sudo grep PermitRootLogin /etc/ssh/sshd_config

✅ Root SSH login has been disabled. Your server is now more secure. Always use your sudo user and sudo for administrative tasks.

Was this article helpful?