Disabling ssh access for root and allowing "su"


Well-Known Member
Dec 24, 2003
Brisbane, Australia
The following are the steps to disable root and enable "su" over SSH

step : 1 create a user make him a member of wheel group.(use cpanel and WHM or manually using shell)

step : 2 uncomment the following line in the file /etc/pam.d/su

auth required /lib/security/$ISA/pam_wheel.so use_uid

(modifications to PAM settings take place immediately unlike other services)

step : 3 comment out the line following in the file /etc/ssh/sshd_config
PermitRootLogin no

step : 4 Restart sshd (service sshd restart)

PAM(Pluggable Authentication Module ) - guards linux : A group of modules which take care of authentication procedures and hence each
software programmer need not be concerned about authentication.
In our case it is the "su"

A word of caution : Please make sure you retain a ssh root login session until you test these settings and that will help us to revert back to previous settings if something goes wrong