How to block SSH root login?

Having issues with your DietPi installation, or, found a bug? Post it here.
Post Reply
User avatar
brightwolf
Posts: 4
Joined: Sun Feb 10, 2019 2:51 pm
Location: The Netherlands

How to block SSH root login?

Post by brightwolf »

I would like to block root login, i.e. only allow login via ssh cert and dietpi user. The dietpi user then has to su to root to become root. In /etc/ssh/ssh_config I entered:

Code: Select all

PermitRootLogin no
When trying to login I get the following error: Bad configuration option: permitrootlogin
Luckily I kept myself logged in via an other session, otherwise I would have locked myself out.
What am I doing wrong?
DietPi@Raspberry PI 3B+ running FHEM domotics server

"I have never tried that before, so I think I should definitely be able to do that" - Pippi Longstocking
User avatar
MichaIng
Site Admin
Posts: 2333
Joined: Sat Nov 18, 2017 6:21 pm

Re: How to block SSH root login?

Post by MichaIng »

Strange, the setting is definitely correct. Is it either added doubled or somehow upper case lost (as of your error message)?
How did you edit the file?

To check full file: cat /etc/ssh/ssh_config
User avatar
brightwolf
Posts: 4
Joined: Sun Feb 10, 2019 2:51 pm
Location: The Netherlands

Re: How to block SSH root login?

Post by brightwolf »

The setting is not in the file at all. I have therefore added it to the bottom of the file, with the CamelCase notation. Indeed, the error shows only lower case which is not how I entered it. I edited /etc/ssh/ssh_config with nano.

Do you mean me to include the content of the full file here?
DietPi@Raspberry PI 3B+ running FHEM domotics server

"I have never tried that before, so I think I should definitely be able to do that" - Pippi Longstocking
User avatar
MichaIng
Site Admin
Posts: 2333
Joined: Sat Nov 18, 2017 6:21 pm

Re: How to block SSH root login?

Post by MichaIng »

Yeah, okay let me test this here as well. With nano used no change that somehow the upper case was lost, AFAIK. Perhaps the error output is just fully lower case.

Jep on default config, the entry is not inside, so everything you did should be correct.
Post Reply