Enable remote root login on Ubuntu safely
Normally you shouldn't need to login to Ubuntu directly as root. You can login as your regular account and run administration tasks with sudo cmd
. Sometimes, though, you might have a legitimate reason to want to login as root directly.
By default, the root account is disabled in Ubuntu. That is, it has no password and you cannot login using passwords. It might be tempting to just set a password with sudo passwd
. But don't do it. Don't enable the root account.
A better way is to allow root login using public key authentication, not with password. The reasoning is explained in the Debian mailing list archives.
Open
/etc/ssh/sshd_config
and check ifPermitRootLogin
is set toyes
. If not, then set it to yes and restartssh
withsudo service ssh restart
-
Create the
.ssh
directory in root's home if it doesn't exist and make sure it has strict permissions:sudo -i mkdir -p .ssh sudo -i chmod 700 .ssh
Create a public/private key pair in the system you want to login from.
Copy your public key to your regular user account.
-
Append your public key to
.ssh/authorized_keys
of root, and make sure the file has strict permissions:cat id_rsa.pub | sudo -i tee -a .ssh/authorized_keys sudo -i chmod 600 .ssh/authorized_keys
With this setup you should be able to login as root using your private key.
If you have previously enabled the root
account, make sure to disable it now:
sudo passwd -l root