How to Disable Root Login on a cPanel Server (Secure SSH Access)?

by SupportPRO Admin
Disabling direct root login over SSH is an important security practice for any cPanel server. Allowing remote root access increases the risk of brute-force attacks and unauthorized logins. By disabling root login, administrators must first log in using a normal user account and then switch to root privileges securely. This approach also allows administrators to access WHM/cPanel without the root password, improving security while maintaining full administrative control over the server.

This guide explains how to disable root SSH login on a cPanel server safely without locking yourself out.

Why Disable Root SSH Login?

The root user has complete control over the server. If attackers gain root access, the entire system can be compromised.

Security benefits include:

  • Prevents direct root brute-force attacks
  • Adds an extra authentication layer
  • Improves server hardening
  • Encourages secure privilege escalation using su or sudo

Important Step Before You Begin

Before disabling root login, ensure your administrator account belongs to the wheel group. This allows the admin user to switch to root using:

su -

Failing to do this may result in losing root access completely.

Step 1: Log in via SSH

Connect to your server using an admin account:

ssh admin@server-ip

Switch to root:

su -

Step 2: Edit the SSH Configuration File

Open the SSH configuration file:

vi /etc/ssh/sshd_config

Step 3: Configure SSH Protocol

Locate the following line:

Protocol 2, 1

Uncomment and modify it to:

Protocol 2

Allowing only Protocol 2 drops the legacy SSH protocol 1, which has known cryptographic weaknesses.

Step 4: Disable Root Login

Find the line:

PermitRootLogin yes

Uncomment it and change it to:

PermitRootLogin no

This prevents users from logging in directly as root via SSH.

Step 5: Save the Configuration

Save and exit the file:

  • Press ESC
  • Type :wq
  • Press Enter

Step 6: Restart the SSH Service

Apply the changes by restarting SSH:

/etc/rc.d/init.d/sshd restart
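
An added example (not part of the original guide): a shell check, runnable offline, for two ways the edits above can silently fail, a line left commented and a duplicate keyword earlier in the file, plus the wheel-group prerequisite. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the sshd_config and wheel-group steps.

# effective_value FILE KEYWORD: print the value sshd would apply globally.
# sshd uses the first value it reads for a keyword, matches keywords
# case-insensitively, skips '#' lines, and treats Match blocks as conditional.
effective_value() {
    awk -v key="$2" '{
        line = $0; sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next            # blank or commented out
        n = match(line, /[ \t=]/)
        kw  = tolower(n ? substr(line, 1, n - 1) : line)
        val = n ? substr(line, n) : ""
        sub(/^[ \t=]+/, "", val); sub(/[ \t]+$/, "", val)
        if (kw == "match") exit                        # global section ends
        if (kw == tolower(key)) { print tolower(val); exit }
    }' "$1"
}

# root_login_disabled FILE: succeed only if "PermitRootLogin no" is effective.
root_login_disabled() {
    [ "$(effective_value "$1" PermitRootLogin)" = "no" ]
}

# in_wheel USER [GROUPFILE]: succeed if USER is a listed member of wheel.
in_wheel() {
    awk -F: -v u="$1" '$1 == "wheel" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1
    } END { exit !ok }' "${2:-/etc/group}"
}

# Constructed samples (not from a real server).
tmp=$(mktemp -d)
printf '#PermitRootLogin no\n'                      > "$tmp/still_commented"
printf 'PermitRootLogin yes\nPermitRootLogin no\n'  > "$tmp/duplicate"
printf 'Protocol 2\npermitrootlogin no\n'           > "$tmp/fixed"
printf 'root:x:0:\nwheel:x:10:admin\n'              > "$tmp/group"

for f in still_commented duplicate fixed; do
    v=$(effective_value "$tmp/$f" PermitRootLogin)
    echo "$f: effective PermitRootLogin = ${v:-unset (sshd default applies)}"
done
in_wheel admin "$tmp/group" && echo "admin is in wheel"
```

On the server itself, sshd -t checks the edited file for syntax errors before the restart, and keeping the current session open while testing a new admin login guards against a lockout.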

What Happens After Disabling Root Login?

Once configured:

  • Direct root SSH login is blocked
  • Users must log in as an admin account first
  • Root access is obtained securely using su - or sudo
  • SSH connections use a more secure protocol

Best Practices for SSH Security

To further secure your cPanel server:

  • Use SSH key authentication instead of passwords
  • Change the default SSH port
  • Enable firewall protection
  • Limit login attempts
  • Keep server packages updated

Conclusion

Disabling root login is a simple yet powerful step toward improving cPanel server security. By forcing administrators to authenticate through a standard user account before accessing root privileges, you significantly reduce the chances of unauthorized access.

Always verify admin access before applying these changes to avoid accidental lockouts while strengthening your server’s overall security posture.

If you require help, contact SupportPRO Server Admin
