SSH root login from specific hosts


Root login via sshd should normally be disabled for security reasons, so that no one can log in directly as root with the highest privileges.

But in some cases root access is needed from management machines or other hosts.
The following changes to sshd_config make that possible.

Setup:

Open the file /etc/ssh/sshd_config and comment out the line “PermitRootLogin”:

$ sed -i 's/^PermitRootLogin/#PermitRootLogin/g' /etc/ssh/sshd_config

This makes the PermitRootLogin setting configured in the file ineffective.

Now we add the block that allows access from specific machines.

Open the file for editing:

$ vim /etc/ssh/sshd_config

Now copy and paste the following at the end of the config file (a Match block applies to every line up to the next Match line or the end of the file):

Match Address 127.0.0.1,::1,192.168.1.10
    PermitRootLogin yes
Match all
    PermitRootLogin no

Adding this to the configuration will allow root login from:

  • localhost (IPv4)
  • localhost (IPv6)
  • host 192.168.1.10

Access from all other addresses (Match all) will be denied.
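
One way to apply and check this change without risking a lockout, as an added example that is not part of the original post: it builds a candidate file, validates it with sshd -t, and asks sshd -T -C which PermitRootLogin value root gets from an allowed and from a non-allowed address. The sshd path, the function names and the outside test address 203.0.113.5 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. SSHD, ALLOWED and the function
# names are assumptions; run as root so sshd can read its host keys.
SSHD=/usr/sbin/sshd                      # assumed install path of sshd
ALLOWED="127.0.0.1,::1,192.168.1.10"     # address list from the article

# Build a candidate file from the current config: comment out the global
# PermitRootLogin and append the Match blocks at the very end of the file.
# Expects a config that does not contain these Match blocks yet.
build_candidate() {    # build_candidate <current-config> <candidate>
    sed 's/^PermitRootLogin/#PermitRootLogin/' "$1" > "$2" || return 1
    cat >> "$2" <<EOF

Match Address $ALLOWED
    PermitRootLogin yes
Match all
    PermitRootLogin no
EOF
}

# Print the PermitRootLogin value sshd would apply to root connecting from
# the given source address (-T dumps the effective config, -C feeds the
# connection parameters to the Match evaluation).
effective_root_login() {    # effective_root_login <config> <source-address>
    "$SSHD" -T -f "$1" \
        -C "user=root,host=$2,addr=$2,laddr=127.0.0.1,lport=22" |
        awk '$1 == "permitrootlogin" { print $2 }'
}

# Syntax-check the candidate, then confirm both sides of the policy:
# the management host gets "yes", an address outside the list gets "no".
verify_candidate() {    # verify_candidate <candidate> <outside-address>
    "$SSHD" -t -f "$1" || return 1
    [ "$(effective_root_login "$1" 192.168.1.10)" = "yes" ] || return 1
    [ "$(effective_root_login "$1" "$2")" = "no" ] || return 1
}

# Install the candidate only if it verifies; keep a backup of the old file.
# 203.0.113.5 is a constructed documentation address outside the allow list.
install_candidate() {    # install_candidate <candidate> <live-config>
    verify_candidate "$1" 203.0.113.5 || { echo "candidate rejected" >&2; return 1; }
    cp -p "$2" "$2.bak" && cp "$1" "$2"
}
```

Call build_candidate with /etc/ssh/sshd_config and a temporary output path, then install_candidate with that path and /etc/ssh/sshd_config. Reload sshd afterwards and keep the current session open until a new login has been confirmed.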
