Worklet: Disabling Root Login on Linux Devices

  • 26 August 2019
  • 4 replies

Userlevel 5

Hey Y’all!

Disabling root login is a super easy trick to increase security on Linux devices. In a lot of cases, IT admins set the root password as something simple so they remember it easily as they use it often to access a device via SSH . Furthermore, attackers typically use the root credential when trying to gain access to your device.

For this reason and more disabling root login and create root privilege users is a good security practice. The Worklet below is designed to evaluate your device to ensure Root Login is disabled.

Note: you need to make sure the users you’ve created on this device have sudo privileges.

This Worklet currently only support devices running CentOS. Check later as this script will be modified to support other linux distros



# create alias to the desired root login value for evaluation. this is the value you are looking for.
ssh_value="^PermitRootLogin yes"

# check the current conf file on the device to compare to desired value for appropriate exit value
grep -E "${ssh_value}" /etc/ssh/sshd_config

# return 0 if value exists; return non-zero if value does not exist
[[ $? -eq 0 ]] && exit 1

exit 0



# set the value in the conf file to disable root login access on the device
sed -i 's/^PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

#restart the network services
service sshd restart

You’re all set! Root login is now disabled on the device. If you have any questions please feel free to reach out!

This topic has been closed for comments

4 replies

You should add this to the remediation script to make sure that the changes take effect:

service sshd restart
Userlevel 5

Good suggestion. Added to remediation

Hey, How to make this policy work for Ubuntu systems? I need to disable root login for ubuntu systems.

Userlevel 5

This should do it for you on Ubuntu Linux devices.


sudo passwd -l root

No need to restart any services, the root password should be disabled the next login attempt by the root account.

To unlock you would use a -u instead of -l