SSH direct root logins

Operating System & Version: CentOS 7.8
cPanel & WHM Version: v90.0.10

audrey

Hi

In WebHost Manager I have SSH Password Authorization Tweak set to disabled, and I have tested, and all SSH logins for all users and root for password authentication are actually disabled (SSH key access is working fine).

In WHM Security Advisor it says "SSH direct root logins are permitted." and I am wondering: how important is it for me to manually edit /etc/ssh/sshd_config and change PermitRootLogin to “without-password” or “no”, since having Password Authentication disabled essentially accomplishes the same thing?

Thanks for your advice
Audrey
 

cPSamuelM

Technical Analyst Team Lead
Staff member
Hello @audrey

The "SSH Password Authorization Tweak" sets the following line in /etc/ssh/sshd_config:

PasswordAuthentication no

It's not necessary to also update the PermitRootLogin option, as setting PasswordAuthentication no requires key-based authentication for the root user.

Keep in mind, however, that if you want to enable password-based authentication for any other SSH users on the server, setting PasswordAuthentication yes would enable password-based logins for the root user. It would be prudent, but not necessary, to set the PermitRootLogin line to PermitRootLogin without-password now in case you ever need to change the PasswordAuthentication setting at some point in the future.

I hope you find this helpful!
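
An added example, not part of the thread and not cPanel's own tooling: a small shell check that reads the two sshd_config keywords discussed above and reports whether root's key-only status depends on PasswordAuthentication staying off. The function names and result labels are made up for this example, and it assumes plain "Keyword value" lines in a single file.

```shell
#!/bin/sh
# Added example. Looks only at PermitRootLogin and PasswordAuthentication;
# other methods (e.g. keyboard-interactive) are not examined.

# Print the first global value of keyword $1 in file $2 (lowercased), or "unset".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and everything after a Match line is conditional.
sshd_opt() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$2"
}

# Classify root SSH exposure for config file $1.
root_exposure() {
    prl=$(sshd_opt PermitRootLogin "$1")
    pa=$(sshd_opt PasswordAuthentication "$1")
    case "$prl" in
        no) echo blocked ;;
        without-password|prohibit-password|forced-commands-only)
            echo keys-only ;;                      # holds even if PA becomes yes
        yes)
            case "$pa" in
                no)  echo keys-only-while-password-auth-off ;;
                yes) echo password-allowed ;;
                *)   echo check-defaults ;;
            esac ;;
        *) echo check-defaults ;;   # unset: confirm effective values with sshd -T
    esac
}

# Constructed sample mirroring the thread: tweak applied, PermitRootLogin untouched.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
    'PasswordAuthentication no' > "$sample"
root_exposure "$sample"    # prints: keys-only-while-password-auth-off
rm -f "$sample"
```

On a live server, point root_exposure at /etc/ssh/sshd_config; a check-defaults result means a keyword is not set explicitly, so the effective value should be read from sshd -T run as root.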