Root login with ssh key only

More security for the server – at least a little bit. A short description of how to set up Linux to allow root login with an ssh key only, and why this can be quite a secure solution.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.


Long planned and finally written down: root login on my server is only possible using the correct ssh key.
In /etc/ssh/sshd_config you have to change the following line

PermitRootLogin no

to

PermitRootLogin without-password

As I know what many people will say:
I do know that permitting root login is a possible security problem. The common solution is to log in as a “normal” user and then use sudo for administrative tasks. However: normal users usually log in using their password. And passwords can be guessed or cracked. And then somebody could log in and use sudo and is root more or less. A key (kept absolutely secret of course) can’t be cracked that easily.
Of course I could force all users to use their ssh keys only to log in. But I cannot and don’t want to do that at the moment. So I feel much safer using a key-only root login and users who are not sudoers.
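
To check which of the two settings above a given sshd_config actually applies, here is an added example (not part of the original post) that classifies the global PermitRootLogin value. The sample configs are constructed, and it assumes only the global section before the first Match block matters and that Include files are not followed.

```python
# Added example, not from the original post. Sample configs are constructed.
# Assumption: only the global section (before the first "Match") is read and
# Include files are not followed.

MODES = {
    "no": "denied",
    "yes": "password-possible",
    # Both spellings disable password and keyboard-interactive auth for root;
    # newer OpenSSH documents without-password as a deprecated alias.
    "without-password": "no-password",
    "prohibit-password": "no-password",
    "forced-commands-only": "forced-command",
}

def global_settings(config_text):
    """Return {keyword: value} for the global part of an sshd_config text."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        if keyword == "match":
            break                            # conditional blocks follow
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # sshd uses the first value seen
    return settings

def root_login_mode(config_text):
    """Classify the global PermitRootLogin setting."""
    value = global_settings(config_text).get("permitrootlogin")
    if value is None:
        return "unset"  # the default of the installed OpenSSH version applies
    return MODES.get(value.lower(), "unknown")

BEFORE = "# constructed sample\nPermitRootLogin no\n"
AFTER = "# constructed sample\nPermitRootLogin without-password\n"
# A later duplicate does not override the first occurrence.
SHADOWED = "permitrootlogin prohibit-password\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("shadowed", SHADOWED)):
        print(name, "->", root_login_mode(text))
```

A result of "no-password" means root can no longer authenticate with a password, while ordinary users are unaffected by this setting.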
