- 0 Comments
- Blog
Knowledge Base · Linux · SSH
Enable Root
SSH Login
Ubuntu · Debian · CentOS · AlmaLinux
- 5 min read
- Linux, Dedicated Server
When your KwikServer VPS or Dedicated Server is first provisioned, root SSH login is disabled by default as a security measure. This is standard practice across all major Linux distributions. While it protects your server from automated brute-force attacks, there are many valid reasons to enable direct root access — such as running automation scripts, setting up control panels like cPanel or DirectAdmin, or simply streamlining your admin workflow. This guide walks you through enabling root login safely and correctly in just a few minutes.
Why Is Root Login Disabled by Default?
The root account is the most powerful user on any Linux system. It has unrestricted access to every file, process, and configuration, which also makes it a primary target for automated brute-force attacks. To reduce risk, most cloud images and Linux distributions disable direct root SSH access by default. Instead, you receive a sudo-enabled non-root user (such as ubuntu, admin, or centos) to log in with, and you escalate to root only when necessary.
Enabling root login is completely safe when combined with the right security measures, which are covered at the end of this guide.
Before You Begin
Have the following ready before making any changes to your server:
Security Note: Enabling root login increases exposure to automated attacks. After enabling it, we strongly recommend using SSH key authentication and disabling password-based login. See the security tips section at the end of this guide.
Step-by-Step: Enable Root SSH Login
The core process is the same across all major Linux distributions. You will edit one line in the SSH daemon configuration file, then restart the SSH service.
1
Connect to Your Server via SSH
Log in using your existing non-root user. Replace the placeholders with your actual credentials:
Terminal
ssh your_user@your_server_ip # Example for a typical Ubuntu server: ssh ubuntu@203.0.113.10
2
Open the SSH Configuration File
The SSH daemon configuration lives at /etc/ssh/sshd_config. Open it with elevated privileges:
Terminal
sudo nano /etc/ssh/sshd_config
You can also use
vi or vim instead of nano if you prefer.3
Find and Update the PermitRootLogin Setting
Search for the line containing PermitRootLogin. By default it looks like one of these:
Default (disabled)
# PermitRootLogin prohibit-password # PermitRootLogin no
Remove the # and change the value to yes:
Updated (root login enabled)
PermitRootLogin yes
In nano: use
Ctrl + W to search, Ctrl + X to exit, then press Y and Enter to save.4
Restart the SSH Service
Apply your changes by restarting the SSH daemon:
Terminal
# Ubuntu 20+, Debian, AlmaLinux, CentOS sudo systemctl restart sshd # Older Ubuntu / Debian systems sudo service ssh restart
5
Set a Root Password (If Not Already Set)
Many cloud images lock the root account by default (no password assigned). Set a strong password with:
Terminal
sudo passwd root
Use at least 16 characters with a mix of letters, numbers, and symbols.
Full Commands by Operating System
Here are the complete command sequences grouped by Linux distribution for quick reference:
Ubuntu 20.04 / 22.04 / 24.04 · Debian 11 / 12
# 1. Open SSH config file sudo nano /etc/ssh/sshd_config # 2. Find and update: # PermitRootLogin prohibit-password # Change to: PermitRootLogin yes # 3. Save: Ctrl+X → Y → Enter # 4. Restart SSH sudo systemctl restart ssh # 5. Set root password (if not set) sudo passwd root # 6. Verify SSH is running sudo systemctl status ssh
CentOS 7/8 · AlmaLinux 8/9 · Rocky Linux
# 1. Open SSH config file sudo nano /etc/ssh/sshd_config # 2. Find and update: # PermitRootLogin no # Change to: PermitRootLogin yes # 3. Save: Ctrl+X → Y → Enter # 4. Restart SSHD sudo systemctl restart sshd # 5. Set root password (if not set) sudo passwd root # 6. Verify SSHD is active sudo systemctl status sshd
Verifying the Change
Open a new terminal window (keep your original session open) and connect as root to verify everything is working:
New Terminal Window
ssh root@your_server_ip
A successful connection confirms root login is enabled. If you receive “Permission denied,” verify that you saved the config file correctly and restarted the SSH service. On Ubuntu 22.04 and later, also check /etc/ssh/sshd_config.d/ for any files that may override your setting.
Always keep your original SSH session open while testing the new connection. This ensures you won’t lock yourself out if something needs adjustment.
Security Best Practices After Enabling Root
Enabling root login is a significant change. Follow these steps to maintain a secure server:
Use SSH Key Authentication
SSH keys are far more secure than passwords. Once your key is configured, disable password authentication entirely:
sshd_config — recommended settings
PermitRootLogin yes PasswordAuthentication no PubkeyAuthentication yes
Change the Default SSH Port
Moving SSH off port 22 dramatically reduces automated scan traffic and brute-force attempts:
sshd_config
Port 2222 # Any unused port above 1024
Install Fail2Ban
Fail2Ban monitors your logs and automatically bans IPs after repeated failed login attempts:
Terminal
# Ubuntu / Debian sudo apt install fail2ban -y && sudo systemctl enable --now fail2ban # CentOS / AlmaLinux sudo yum install fail2ban -y && sudo systemctl enable --now fail2ban
Enabling root login is not inherently dangerous — running an unmonitored, unpatched server is. With proper security measures in place, root access simply makes server administration faster and more direct.
Kwik Server
Frequently Asked Questions
Why can’t I log in as root even after enabling it?
The most common reasons are: (1) you forgot to restart the SSH service — run
sudo systemctl restart sshd; (2) the root account has no password — run sudo passwd root; (3) on Ubuntu 22.04+, check /etc/ssh/sshd_config.d/ for override files that may be overriding your change.What is the difference between “PermitRootLogin yes” and “prohibit-password”?
prohibit-password allows root login only via SSH key pairs — passwords are rejected. yes allows root login via both SSH keys and passwords. If you have SSH keys configured, prohibit-password is the more secure option for production servers.Is it safe to leave root login enabled permanently?
Yes, provided you apply the security measures in this guide: use SSH key authentication, disable password login, install Fail2Ban, and keep your system updated. Many system administrators run production servers with permanent root SSH access without incidents by following these practices.
How do I disable root login again later?
Simply reverse the change: open
/etc/ssh/sshd_config, change PermitRootLogin yes to PermitRootLogin no, then restart SSH with sudo systemctl restart sshd.Does this guide apply to KwikServer Windows RDP servers?
No. This guide covers Linux-based VPS and Dedicated Servers only. Windows RDP servers use a different permission model where the Administrator account is typically available by default. Please see our Windows tutorials or contact KwikServer support for Windows-specific help.