The Risks of External Root Login: Why Should It Be Avoided?

October 2022

If you use a Linux dedicated server, you probably enjoy the greater sense of control and freedom that comes along with this type of hosting plan. However, with more freedom comes an inherent responsibility to secure your server and follow some basic security best practices to keep your data and account safe.

One of the most important things you can do to protect your hosting account and its associated data is to disable external root login. By better understanding what external root login is and why it should be avoided, you can make more confident decisions to secure your account.

What Is External Root Login?

On Linux servers, a “root” refers to the superuser account on the operating system itself. This account has the highest access rights on the system because it is designed for administrative purposes. Root users on a Linux operating system (OS) can do things that other users cannot. This includes installing new software, managing other accounts, and even changing permissions/ownership of individual files.

Reasons to Avoid External Root Login

When managing a Linux dedicated server, why should external root logins be avoided? For starters, root accounts are most often targets of brute force attacks. Unfortunately, when these attacks are successful, hackers can then take over all the permissions of the account. This means hackers may change permissions on files, install malware, and take other destructive measures that would not be possible on another type of user account.

By disabling external root login, it will be impossible for anyone to log into a root account remotely, which reduces the risk of your superuser account being compromised. Meanwhile, you can still log into the account on-site when you need to change permissions or handle administrative tasks that you cannot otherwise handle on a standard account.

How to Disable External Root Login

So, how do you go about disabling external root login on your dedicated hosting plan? The process is actually quite simple and only takes a minute. Start by logging with your normal account and opening the configuration file within your Linux directory. From there, search for “PermitRootLogin.”

Once you’ve found “PermitRootLogin,” change the setting to “no” in the /etc/ssh/sshd_config file. Once your changes are saved, remote logins will no longer be permitted on your root account. This, in turn, will immediately beef up your dedicated server security and give you some greater peace of mind.

You may still want to double-check that your new settings have been saved by attempting to log in to your root account remotely. You should receive some sort of “permission denied” message.

Beef Up Your Security Today

Disabling external root login is one of the simplest yet most effective ways to increase security on Linux dedicated servers. In doing so, you will protect your account from brute force attacks and other threats that could compromise your information. Meanwhile, you’ll still be able to make the changes you need to manage your dedicated hosting plan.

For more information on dedicated servers and security, reach out to the knowledgeable ReliableSite team!