Cyberithub

How to enable root ssh authentication in Fedora Linux

Advertisements

In this article, we will see how to enable root ssh authentication in Fedora Linux. You might have noticed that after installing the latest Fedora Server, you might not be able to login using root account over SSH unless you have enabled it during installation. So in the latest version which are having OpenSSH 7.0 release, by default root login over SSH would be disabled due to the common target attacks on root account in the previous fedora releases.

The root user can still remotely login using a public ssh key but /etc/ssh/sshd_config configuration file now disables the PermitRootLogin option. In case, you would like to enable root ssh authentication then you need to manually change this setting after locally login to the server. More on fedora official website.

 

How to enable root ssh authentication in Fedora Linux

How to enable root ssh authentication in Fedora Linux

Also Read: How to Install Fedora 37 Server on VirtualBox Using 3 Easy Steps

On a freshly installed Fedora system, you will find below configuration under /etc/sshd/sshd_config file. If you look closely, you will notice that PermitRootLogin under Authentication is set to prohibit-password. This setting needs to be changed to PermitRootLogin=yes to enable root ssh authentication.

[root@localhost ~]# vi /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# To modify the system-wide sshd configuration, create a *.conf file under
# /etc/ssh/sshd_config.d/ which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
.................................................

So after modification, the new value under /etc/ssh/sshd_config configuration file would look like below.

[root@localhost ~]# vi /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# To modify the system-wide sshd configuration, create a *.conf file under
# /etc/ssh/sshd_config.d/ which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin=yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
..................................

After updating the configuration, you need to restart sshd service by using systemctl restart sshd command as shown below.

[root@localhost ~]# systemctl restart sshd

After successfully restarting the service, you can check the status of sshd service by using systemctl status sshd command as shown below.

How to enable root ssh authentication in Fedora Linux 2

Now if you try to do ssh login through root user account then this time you will be able to login successfully as shown below.

login as: root
root@192.168.0.101's password:
Web console: https://localhost:9090/ or https://192.168.0.101:9090/

Last failed login: Sat Feb 4 22:11:54 IST 2023 from 192.168.0.106 on ssh:notty
There were 5 failed login attempts since the last successful login.
Last login: Sat Feb 4 20:25:54 2023
[root@localhost ~]#

Leave a Comment