{"id":120090,"date":"2025-01-15T15:16:05","date_gmt":"2025-01-15T20:16:05","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=120090"},"modified":"2025-01-15T15:16:50","modified_gmt":"2025-01-15T20:16:50","slug":"create-an-ssh-root-access-policy-for-linux","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux","title":{"rendered":"Create an SSH Root Access Policy for Linux"},"content":{"rendered":"\n<p>The SSH Root Access policy governs whether the root user can remotely log in to a system via SSH. This is a critical security setting, as enabling root login can expose systems to potential unauthorized access. This policy gives you an easy way to mass-control the PermitRootLogin configuration on your Linux devices.<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>The policy is applied only if the SSH daemon (sshd) is installed on the device.\n<ul>\n<li>To install an SSH server on a Linux device, use the package manager specific to your distribution:\n<ul>\n<li>Debian\/Ubuntu\/Linux Mint (Cinnamon)\/Pop!_OS: <code>sudo apt install openssh-server<\/code><\/li>\n\n\n\n<li>Fedora\/CentOS\/RHEL: <code>sudo dnf install openssh-server<\/code><\/li>\n\n\n\n<li>Amazon Linux: <code>sudo yum install openssh-server<\/code><\/li>\n\n\n\n<li>Rocky Linux: <code>sudo dnf install openssh-server<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>It is highly recommended to disable root login and use a non-root user for SSH access. Enabling root login via SSH can expose devices to brute-force attacks or unauthorized access, particularly if strong passwords or key-based authentication are not enforced.<\/li>\n\n\n\n<li>Consider using a non-root user with sudo privileges for remote management, which improves security by limiting access to sensitive system functions.<\/li>\n\n\n\n<li>Ensure that alternate user accounts with appropriate privileges are configured before disabling root access to avoid being locked out of critical systems.<\/li>\n<\/ul>\n\n\n\n<p><strong>To create a Control SSH Root Access policy:<\/strong><\/p>\n\n\n\n<ol start=\"1\">\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/login\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to&nbsp;<strong>DEVICE MANAGEMENT<\/strong>&nbsp;&gt;&nbsp;<strong>Policy Management<\/strong>.<\/li>\n\n\n\n<li>In the <strong>All<\/strong> tab, click (<strong>+<\/strong>).<\/li>\n\n\n\n<li>On the New Policy panel, select the <strong>Linux<\/strong> tab.<\/li>\n\n\n\n<li>Find the <strong>SSH Root Access <\/strong>policy from the list, then click <strong>configure<\/strong>.<\/li>\n\n\n\n<li>Under Settings, choose whether to allow SSH root login with the <strong>Allow SSH Root Login<\/strong> setting: \n<ul>\n<li>Checked (enabled): Root login via SSH will be allowed on the target devices.<\/li>\n\n\n\n<li>Unchecked (disabled): Root login via SSH will be disallowed, which is generally considered a best practice to prevent potential security risks.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>(Optional) Select the <strong>Device Groups<\/strong> tab. Choose one or more device groups where you\u2019ll apply this policy.<\/li>\n\n\n\n<li>(Optional) Select the <strong>Devices<\/strong> tab. Choose one or more devices where you\u2019ll apply this policy.<\/li>\n\n\n\n<li>Click <strong>save<\/strong>. When the policy is saved, it will be automatically enforced on the target systems where the SSH daemon is present.<\/li>\n<\/ol>\n\n\n\n<p>To verify the root&#8217;s permission on a device, enter the following command in the <strong>sshd_config<\/strong> file: <code>sudo grep PermitRootLogin \/etc\/ssh\/sshd_config<\/code>. A response of <code>PermitRootLogin no<\/code> means that root access has been denied.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The SSH Root Access policy governs whether the root user can remotely log in to a system via SSH. This [&hellip;]<\/p>\n","protected":false},"author":206,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2852,2926,2862],"support_tag":[],"coauthors":[2842],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Create an SSH Root Access Policy for Linux - JumpCloud<\/title>\n<meta name=\"description\" content=\"Enabling root login via SSH can expose devices to unauthorized access. Learn how to prevent this using the SSH Root Access policy.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create an SSH Root Access Policy for Linux\" \/>\n<meta property=\"og:description\" content=\"Enabling root login via SSH can expose devices to unauthorized access. Learn how to prevent this using the SSH Root Access policy.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-15T20:16:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"pamkellman\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux\",\"url\":\"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux\",\"name\":\"Create an SSH Root Access Policy for Linux - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2025-01-15T20:16:05+00:00\",\"dateModified\":\"2025-01-15T20:16:50+00:00\",\"description\":\"Enabling root login via SSH can expose devices to unauthorized access. Learn how to prevent this using the SSH Root Access policy.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Create an SSH Root Access Policy for Linux\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Create an SSH Root Access Policy for Linux - JumpCloud","description":"Enabling root login via SSH can expose devices to unauthorized access. Learn how to prevent this using the SSH Root Access policy.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux","og_locale":"en_US","og_type":"article","og_title":"Create an SSH Root Access Policy for Linux","og_description":"Enabling root login via SSH can expose devices to unauthorized access. Learn how to prevent this using the SSH Root Access policy.","og_url":"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux","og_site_name":"JumpCloud","article_modified_time":"2025-01-15T20:16:50+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes","Written by":"pamkellman"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux","url":"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux","name":"Create an SSH Root Access Policy for Linux - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2025-01-15T20:16:05+00:00","dateModified":"2025-01-15T20:16:50+00:00","description":"Enabling root login via SSH can expose devices to unauthorized access. Learn how to prevent this using the SSH Root Access policy.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/create-an-ssh-root-access-policy-for-linux#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Create an SSH Root Access Policy for Linux"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/120090"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/206"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/120090\/revisions"}],"predecessor-version":[{"id":120098,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/120090\/revisions\/120098"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=120090"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=120090"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=120090"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=120090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}