Disable root login on Vultr – An easy method to secure your instance

Table of Contents

Server owners are very interested in even smaller things that can prevent security breaches.

One such thing is to disable root login on Vultr Cloud Compute.

At 1 onlyhost, we help server owners disable root login on their Vultr instances as part of our Managed Cloud Services.

But, how do you manage a server with root login disabled?

Today, we’ll discuss how our Dedicated Engineers disable root login on a Vultr instance and setup alternate ways to access the server.

 

Disable root login on Vultr – Why it’s needed?

Root user is the default user on all Linux systems. Moreover, this user has all the super privileges on the server and it controls everything.

So, guessing and cracking the root password is the primary target of hackers, spam bots, etc. to penetrate into an account. Therefore, it’s very important to harden SSH on a Vultr instance.

Our Security Engineers always carry out frequent server audits to identify any security vulnerabilities and fix them immediately.

 

Disable root login on Vultr – How to do it?

Now, let’s see how our Support Engineers disable root login on a Vultr instance and enable server access via alternate methods.

We disable root login on a Vultr instance by adding the following line in the SSH configuration file /etc/sshd/sshd_config.

PermitRootLogin yes

 

Most importantly, we restart the SSH service to bring the changes into effect. For example, we use the below command to restart SSH service on CentOS server.

service sshd restart

 

However, in some cases root access becomes necessary for the user. In such cases, our Support Experts restrict root access to the server by IP address. In other words, we get the customer’s IP address and restrict root access to that particular IP address.

For instance, we add the following line in the SSH configuration file to allow root access to the IP address xx.xx.xx.xx and restart the SSH service.

AllowUsers root@xx.xx.xx.xx

 

But, before disabling root login, our Support Engineers always make sure to setup alternate ways to enable server access, otherwise user will be permanently locked out of the server.

 

a) Setup sudo user

It’s always a best practice to add a user with sudo access instead of root access. For example, we create a new user test on an Ubuntu instance using the below command.

adduser test

 

After that, we’ll give super user privileges to this test user, so that it can function just like the root user. For example, we assign root privileges to the test user by adding it to the sudo group.

adduser test sudo

 

Alternatively, if we need multiple users with root privileges on the Vultr instance, our Support Experts modify the sudoers file and add the users here.

Once done, we login as sudo user using the below command and test the sudo permissions of the user.

su test

 

Now, the user can manage the server with root permissions.

 

b) Setup key based access

Alternatively, our Security Engineers setup key based SSH access on the Vultr instance which is another safer method to use.

Firstly, we create a new key pair with the ssh-keygen command. This consists of a public key and private key. Further, we create a .ssh folder and authorized_keys file in the user’s home directory.  After that, we add the public key to the authorized_keys file.

Most importantly, we ensure that the permissions of .ssh folder authorized_keys file are proper. Once done, users can login using the private key that matches the public key.

[Do you need help in disabling root login on your Vultr VPS? Our Server Experts can help you here.]

Vultr disable root login – Common failure points

Disabling root login on a Vultr instance involves a series of steps. And, a single wrong step can lock you out from the server. Now, let’s see the common errors that users may come across.

 

1) Incorrect permissions of SSH key

This is one of the common errors that we see while disabling root login on a Vultr instance. Server owners setup key based server access, but forget to assign proper permissions for the SSH key.

The ideal permission of .ssh folder should be 700 and the file authorized_keys should be 600. So, if users don’t have proper permissions to read the ssh keys, it throws errors like this.

Permission denied (publickey)

 

Here, our Support Engineers check the permission and ownership of these files. If we notice any problems with permissions, we’ll immediately correct them.

[Need help in resolving this error on your Vultr VPS? Click here, and get one of our Server Experts to fix this error.]

 

2) Hostname error

Similarly, another instance we see is that users create a new sudo user. However, with the default Vultr hostname, it will throw the following error.

sudo: unable to resolve host vultrcloud

 

In such cases, our Dedicated Engineers change the hostname of the Vultr instance to a Fully Qualified Domain Name(FQDN). Depending on the operating system, we edit the files /etc/hosts/ and /etc/hostname to change the hostname.

 

Conclusion

In short, disabling root login on Vultr instance is an easy method to secure your server. Today, we’ve discussed how our Dedicated Engineers disable root login on a Vultr instance and fix the common errors.

Leave a Comment

Your email address will not be published. Required fields are marked *

Social Share

Facebook
Twitter
LinkedIn
Telegram

Cheapest Web Hosting

Fasters Web Hosting Promo
Scroll to Top

Launch your Website at RS599

Create a professional website yourself with our domain hosting combo. Get Extra benefits at this Year end Sale with 10% OFF and Enjoy Amazing Deels on Shared Hosting!

Starting at Only RS599/Year

Year End Sale

Hours
Minutes
Seconds

Use Code STARTBIZ at Checkout.

Create an earning opportunity with A Web Hosting Business

Become reseller and start reselling domains, web hosting, ssl certificates and More.

45% OFF

Starting at RS399/Month

Hours
Minutes
Seconds

Use coupon: at the checkout.