Last Updated: February 25, 2016
·
19.35K
· janosgyerik

Enable remote root login on Ubuntu safely

Normally you shouldn't need to login to Ubuntu directly as root. You can login as your regular account and run administration tasks with sudo cmd. Sometimes, though, you might have a legitimate reason to want to login as root directly.

By default, the root account is disabled in Ubuntu. That is, it has no password and you cannot login using passwords. It might be tempting to just set a password with sudo passwd. But don't do it. Don't enable the root account.

A better way is to allow root login using public key authentication, not with password. The reasoning is explained in the Debian mailing list archives.

  1. Open /etc/ssh/sshd_config and check if PermitRootLogin is set to yes. If not, then set it to yes and restart ssh with sudo service ssh restart

  2. Create the .ssh directory in root's home if it doesn't exist and make sure it has strict permissions:

    sudo -i mkdir -p .ssh
    sudo -i chmod 700 .ssh
  3. Create a public/private key pair in the system you want to login from.

  4. Copy your public key to your regular user account.

  5. Append your public key to .ssh/authorized_keys of root, and make sure the file has strict permissions:

    cat id_rsa.pub | sudo -i tee -a .ssh/authorized_keys
    sudo -i chmod 600 .ssh/authorized_keys

With this setup you should be able to login as root using your private key.

If you have previously enabled the root account, make sure to disable it now:

sudo passwd -l root