Time to host your applications on cloud. Join Now
Time to host your applications on cloud. Join Now
Cloud Hosting
VPS Hosting
GPU Cloud
Dedicated Server
Server Colocation
Backup as a Service
CDN Network
Window Cloud Hosting
Linux Cloud Hosting
Managed Cloud Service
Storage as a Service
VMware Public Cloud
Multi-Cloud Hosting
Cloud Server Hosting
Bare Metal Server
Virtual Machine
Magento Hosting
Remote Backup
DevOps
Kubernetes
Cloud Storage
NVMe Hosting
DR as s Service
API Gateway
The root user in Linux has full administrative privileges over the system. For security best practices, direct root login via SSH is disabled in Ubuntu by default. All administrative tasks are intended for sudo users.
However, you may occasionally need to log in as root directly over SSH to perform certain configuration changes or troubleshoot. This guide will walk you through how to enable direct Ubuntu enable root ssh.
A communication protocol known as SSH (Secure Shell) allows a client and a server to be in contact in a safe way. This is server, like one place where the sshd daemon resides and understands SSH connections.
Ubuntu uses the OpenSSH implementation of SSH. SSH access is controlled by these two main configuration files:
/etc/ssh/sshd_config - The main config file for sshd. Specifies access controls and settings.
/etc/passwd - Contains user accounts and data. The root user info is defined here.
To enable ubuntu allow root ssh login, we'll need to modify both of these files.
Prerequisites
Before making configuration changes, ensure:
You have sudo privileges on the Ubuntu system
You can access the server terminal using SSH keys
You have backups of critical data and configs
Physical access is tightly controlled
Enabling root SSH login increases attack surface and should only be done when absolutely necessary.
The first step is to generate a public/private SSH key pair for the root account.
On your local machine, open a terminal and run:
ssh-keygen -f ~/root_ssh
Use the root_ssh name for easy identification
Leave the passphrase empty for now for simplicity
This will generate two files - root_ssh (private key) and root_ssh.pub (public key).
Step 2 — Copy Public Key to Remote Server
Now copy the public key to the remote Ubuntu server.
Using your regular user SSH access, run:
scp ~/root_ssh.pub remote_username@server_ip:/tmp
This securely copies the public key to the /tmp folder on the server.
Log in to the remote server using your regular sudo user.
Go to the /root/.ssh folder and create an authorized_keys file:
sudo su
mkdir /root/.ssh
nano /root/.ssh/authorized_keys
Paste the contents of /tmp/root_ssh.pub into authorized_keys. Save and exit.
This adds the root public key to the authorized key list to enable SSH authentication.
Restrict permissions on authorized_keys using:
chmod 600 /root/.ssh/authorized_keys
Also change ownership to root:
chown root:root /root/.ssh/authorized_keys
The key file is then encrypted by a mechanism, which is unknown to everyone but the only party holding the key itself is the confidential file.
Now enable direct root login by editing sshd_config:
sudo nano /etc/ssh/sshd_config
Find the line for PermitRootLogin and set it to yes:
PermitRootLogin yes
Save changes and restart the SSH service:
sudo systemctl restart sshd
The SSH daemon will now allow password-based root login. But for better security, we'll use key authentication instead.
Restrict root login to ONLY SSH keys by disabling password auth:
sudo nano /etc/ssh/sshd_config
Change PasswordAuthentication to no:
PasswordAuthentication no
Save changes and restart sshd once again. Root can now log in only via private key.
You can now SSH as root from your local machine using the private key generated earlier:
ssh -i ~/root_ssh root@server_ip
Enter yes when prompted to confirm the identity. Then you will be logged in with root privileges over a secured SSH connection.
Optional — Use SSH Config for Simpler Login
To avoid long SSH commands, you can add an entry to your SSH configuration file:
nano ~/.ssh/config
Add:
Host rootserver
HostName server_ip
User root
IdentityFile ~/root_ssh
Now you can simply run ssh rootserver to log in as root!
Here are some additional best practices to further secure root SSH access:
Set a passphrase on the root private key for two-factor authentication
Move the root key pair to a hardware security key for physical control
UseSSH certificates instead of plain keys to enable revocation
Only open the root SSH port to specific IP addresses if possible
Monitor server logs closely for failed root login attempts
Disable root SSH access completely when no longer needed
Rather than enable direct root login, an alternative approach is using sudo with regular user accounts that are part of the sudo group:
ssh regular_user@server
sudo -i # Switch to root shell
This is generally recommended over opening root SSH.
Allowing direct root login via SSH facilitates administrative access but also increases risks. Use with caution only when absolutely required. Always adhere to principles of least privilege.
Properly configuring SSH and using key-based access helps reduce risks while still enabling root access for specific situations. Follow the steps in this guide to enable ubuntu allow root ssh.
Let’s talk about the future, and make it happen!
Pricing Calculator
Unlock Cost Optimization
Overview
Documentation
Price Calculator
Tools
FAQs
Terms of Service
Privacy Policy
Migration
Container
Power
Utilities
VMware Private Cloud
VMware on AWS
VMware on Azure
Certifications
Customers
Partners
Careers
Support
Service Level Agreement 
Contact
