{"id":468,"date":"2011-03-29T22:28:00","date_gmt":"2011-03-30T04:28:00","guid":{"rendered":"http:\/\/blog.supportpro.com\/?p=468"},"modified":"2026-03-29T23:49:27","modified_gmt":"2026-03-30T05:49:27","slug":"how-to-disble-root-logins-in-the-cpanel-server","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/how-to-disble-root-logins-in-the-cpanel-server\/","title":{"rendered":"How to Disable Root Login on a cPanel Server (Secure SSH Access)?"},"content":{"rendered":"\n<p>Disabling direct root login over SSH is an important security practice for any cPanel server. Allowing remote root access increases the risk of brute-force attacks and unauthorized logins. By disabling root login, administrators must first log in using a normal user account and then switch to root privileges securely. This approach also allows administrators to <a href=\"https:\/\/www.supportpro.com\/blog\/access-whm-cpanel-without-root-password\/\" title=\"\">access WHM\/cPanel without the root password<\/a>, improving security while maintaining full administrative control over the server.<\/p>\n\n\n\n<p>This guide explains how to <strong>disable root SSH login on a cPanel server<\/strong> safely without locking yourself out.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Disable Root SSH Login?<\/h2>\n\n\n\n<p>The root user has complete control over the server. If attackers gain root access, the entire system can be compromised.<\/p>\n\n\n\n<p><strong>Security benefits include:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prevents direct root brute-force attacks<\/li>\n\n\n\n<li>Adds an extra authentication layer<\/li>\n\n\n\n<li>Improves server hardening<\/li>\n\n\n\n<li>Encourages secure privilege escalation using <code>su<\/code> or <code>sudo<\/code><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Important Step Before You Begin<\/h2>\n\n\n\n<p>Before disabling root login, ensure your administrator account belongs to the <strong>wheel group<\/strong>. 
This allows the admin user to switch to root using:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su -<\/code><\/pre>\n\n\n\n<p>Failing to do this may result in losing root access completely.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Log in via SSH<\/h2>\n\n\n\n<p>Connect to your server using an admin account:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh admin@server-ip<\/code><\/pre>\n\n\n\n<p>Switch to root:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su -<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Edit the SSH Configuration File<\/h2>\n\n\n\n<p>Open the SSH configuration file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vi \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3: Configure SSH Protocol<\/h2>\n\n\n\n<p>Locate the following line:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Protocol 2, 1<\/code><\/pre>\n\n\n\n<p>Uncomment and modify it to:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Protocol 2<\/code><\/pre>\n\n\n\n<p>Using <strong>Protocol 2<\/strong> improves encryption and removes insecure legacy protocol support.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 4: Disable Root Login<\/h2>\n\n\n\n<p>Find the line:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>PermitRootLogin yes<\/code><\/pre>\n\n\n\n<p>Uncomment it and change it to:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>PermitRootLogin no<\/code><\/pre>\n\n\n\n<p>This prevents users from logging in directly as root via SSH.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 5: Save the Configuration<\/h2>\n\n\n\n<p>Save and exit the file:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Press <code>ESC<\/code><\/li>\n\n\n\n<li>Type <code>:wq<\/code><\/li>\n\n\n\n<li>Press <strong>Enter<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Step 6: Restart the SSH Service<\/h2>\n\n\n\n<p>Apply the changes by restarting SSH:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/rc.d\/init.d\/sshd 
restart<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">What Happens After Disabling Root Login?<\/h2>\n\n\n\n<p>Once configured:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Direct root SSH login is blocked<\/li>\n\n\n\n<li>Users must log in as an admin account first<\/li>\n\n\n\n<li>Root access is obtained securely using <code>su -<\/code> or <code>sudo<\/code><\/li>\n\n\n\n<li>SSH connections use a more secure protocol<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Best Practices for SSH Security<\/h2>\n\n\n\n<p>To further secure your cPanel server:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use SSH key authentication instead of passwords<\/li>\n\n\n\n<li>Change the default SSH port<\/li>\n\n\n\n<li>Enable firewall protection<\/li>\n\n\n\n<li>Limit login attempts<\/li>\n\n\n\n<li>Keep server packages updated<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Disabling root login is a simple yet powerful step toward improving cPanel server security. 
By forcing administrators to authenticate through a standard user account before accessing root privileges, you significantly reduce the chances of unauthorized access.<\/p>\n\n\n\n<p>Always verify admin access before applying these changes to avoid accidental lockouts while strengthening your server\u2019s overall security posture.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Disabling direct root login over SSH is an important security practice for any cPanel server. 
Allowing remote root access increases the risk of brute-force attacks and unauthorized logins. By disabling&hellip;<\/p>\n","protected":false},"author":4,"featured_media":16804,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-468","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=468"}],"version-history":[{"count":6,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/468\/revisions"}],"predecessor-version":[{"id":16803,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/468\/revisions\/16803"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media\/16804"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}