145

I´d like to enable the ssh root access on Ubuntu 14.04. Editing the /etc/ssh_config (PermitRootLogin yes) didn't affect anything.

slybloty
  • 145
user283163
  • 1,459

5 Answers5

216

Simply adding a password for root is not enough for Ubuntu 14.04 Server.

You also need to edit /etc/ssh/sshd_config, and comment out the following line:

PermitRootLogin without-password

Just below it, add the following line:

PermitRootLogin yes

Then restart SSH:

service ssh reload

For Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-59-generic x86_64) PermitRootLogin without-password has been replaced by PermitRootLogin prohibit-password.

Daniel Le
  • 148
bdep
  • 2,161
  • 1
  • 10
  • 2
  • 10
    When doing this via ssh, service ssh reload is useful. – Torsten Römer Oct 14 '14 at 12:48
  • I was running Ubuntu on VM, however I don't know these changes didn't work till i restarted VM once (may be i need to stop/start network services in addition to above steps however I'm not sure). – VSB Dec 06 '14 at 18:54
  • 2
    I have to do PermitRootLogin yes because I had plain password – JorgeeFG Feb 10 '15 at 18:39
  • 1
    If doing this while ssh or scp tells you "Permission denied, please try again" in another window, quit and retry that ssh (or scp) instead of just re-typing in the password. – Camille Goudeseune Feb 10 '15 at 21:48
  • If I ever lose this key would I be able to regain access to this instance again? if I host my service on AWS ec2 or linnode would they be able to do something on a lost-key situation? – Shih-Min Lee Dec 25 '15 at 06:18
  • 1
    Once you copy your ssh key using ssh-copy-id or another method, you can uncomment PermitRootLogin without-password and comment out your new PermitRootLogin yes – pd12 Feb 02 '16 at 00:28
  • 1
    Also don't forget to check if root is mentioned in sshd_config: AllowUsers root – Jan Dec 13 '16 at 23:31
  • Mine doesn't have either line - AllowUsers nor PermitRootLogin. So I added both. Did service ssh reload and service ssh restart on the server. Yet from the workstation when I do ssh root@servername it still prompts for password then says Permission Denied. – SDsolar Mar 06 '18 at 00:17
  • comment out or delete the line PasswordAuthentication no, if you want to login with ssh with password. – bronze man Oct 28 '19 at 01:55
39

You need to setup a password for the root account and then it will work.

sudo passwd

Enter same password twice.

P.S. After modifying /etc/ssh/sshd_config don't forget to reload the openssh server.

sudo service ssh reload
terdon
  • 100,812
cioby23
  • 2,525
  • 2
    This will work; but to the OP: think twice before doing it. If you still do, and your PC is on the internet, consider adding fail2ban to the system. (This comment is related to enabling root login via ssh; having or not a local password for root is just a matter of taste). – Rmano May 19 '14 at 14:08
30

With Ubuntu 14.04 Server.

Set the password

sudo passwd

Changes in /etc/ssh/sshd_config

Change PermitRootLogin

PermitRootLogin yes

You may also have to check value of PasswordAuthentication. If it is set to no then set to yes

PasswordAuthentication yes

Then restart SSH:

service ssh restart

Community
  • 1
Pandurang Patil
  • 411
  • 6
    This is the only complete answer. Other answers are missing some part. – wisbucky Sep 26 '17 at 18:00
  • Except mine does not have this line. Adding it doesn't make it work. – SDsolar Mar 06 '18 at 00:18
  • OMG, yes!! Thank you! PasswordAuthentication was the missing link – mpen Jun 19 '18 at 06:04
  • I purged openssh-service and openssh-client on both systems ( Kali Linux and Ubuntu 18 ), reinstalled them, applied this answer and everytihng worked perfectly. – mk1024 Sep 08 '18 at 02:34
  • In my sshd_config, since it has "UsePam yes", and a line "DenyGroups root", besides all above actions, I need to remove the "root" for DenyGroups as well to make it work. – Flickerlight Feb 14 '19 at 07:43
3

For 14.04 you would have to comment below line in /etc/ssh/sshd_config

#StrictModes yes
muru
  • 197,895
  • 55
  • 485
  • 740
Jitendra
  • 47
  • 3
    Instead of disabling file mode checking, it would be better to ensure, that /root/.ssh and the files therein are not readable by any other user than root. – Adaephon Aug 03 '14 at 18:59
-1

For me, none of these steps worked, I've even tried something I wouldn't ever try for something else then a toy vm: PermitRootLogin without-password

The only thing that worked for me was disabling the PAM module for this:

UsePAM no

This option is normally at the very end of the file. To be honest, I don't know the real drawbacks of this, but since you're not supposed to allow root login online, I guess it's okay for a private dev-vm.

Nevertheless, set a strong password, always. Nope this is not an exception. Not even only this time...

Kjellski
  • 117
  • 4
  • 6
    PermitRootLogin without-password doesn't mean the root user gets to log in without authentication. It means the root user isn't allowed to log in with a password. Instead, the root user must log in utilizing RSA keys, which is more secure. – Craig Tullis May 08 '15 at 23:20
  • @Craig the problem I'm referring to is not that root would then need to use RSA SSH-Keys. The problem is that root is a user everyone knocking on the door of your SSH-Server knows exists. Which is not a good thing in my opinion. But feel free to let root login via SSH, but as you said, at least make sure it's using keys to do so! – Kjellski May 09 '15 at 16:13
  • 4
    You said you wouldn't try PermitRootLogin without-password for anything but a toy VM. That is what you use to disable password authentication for root, so that the only way root can logon is using RSA keys. You did not state that you tried that option with RSA keys. If you tried that option without keys, there's no way it could succeed. If you use PermitRootLogin without-password, then you cannot log on using password authentication at all, not with a strong password, not with a blank password, not at all. – Craig Tullis May 10 '15 at 02:30