How to Disable Root Login on Arch Linux

Managing access to the root account is a critical task for every Linux system administrator. In this guide, we’ll show you how to disable root login on Arch Linux. This process will help you safeguard your server and improve security by controlling who can log in with root privileges.

Why Disable Root Login?

The root user has unrestricted access to your system, which can be a security risk if exploited by unauthorized users. By disabling root login, you can reduce the chances of unauthorized access to your server. Instead, you can use a sudo user with limited privileges to perform administrative tasks.

Prerequisites

Before we start, ensure you have the following:

1. Arch Linux installed on your system
2. An account with root privileges or sudo access
3. Access to a terminal or SSH session

How to Disable Root Login on Arch Linux

Create a sudo user (if you haven’t already)

Before disabling the root login, you must have a sudo user to perform administrative tasks. If you don’t have one already, follow these steps:

1. Log in as root or a sudo user.
2. Create a new user with the useradd command:

useradd -m -G wheel -s /bin/bash {username}

Replace {username} with your desired username.

3. Set a password for the new user with the passwd command:

passwd {username}

Enter the desired password and confirm it when prompted.

4. To enable the new user to run sudo commands, edit the /etc/sudoers file with the visudo command:

EDITOR=nano visudo

Find the line that reads:

# %wheel ALL=(ALL) ALL

Uncomment this line by removing the # at the beginning.

5. Save the changes and exit the editor.

You can now log in as the new sudo user and perform administrative tasks without the root account.

Disabling Root Login in SSH on Arch Linux

To disable root login via SSH, follow these steps:

1. Open the SSH configuration file with a text editor:

sudo nano /etc/ssh/sshd_config

2. Find the line that reads:

#PermitRootLogin yes

Change it to:

PermitRootLogin no

3. Save the changes and exit the editor.
4. Restart the SSH service:

sudo systemctl restart sshd

Root login via SSH is now disabled. You’ll need to use your sudo user to log in and perform administrative tasks.

Step 3: Disable Root Login on the Local Console (Optional)

If you want to disable root login on the local console as well, follow these steps:

1. Open the /etc/securetty file with a text editor:

sudo nano /etc/securetty

2. Comment out all lines by adding a # at the beginning of each line.
3. Save the changes and exit the editor.

Root login is now disabled on the local console. Only sudo users can log in and perform administrative tasks.

Conclusion

You’ve successfully enabled or disabled root login on Arch Linux. Disabling root login is an essential security measure to protect your system from unauthorized access. Remember to enable two-factor authentication and configure Fail2ban for even better security. To perform other tasks on Arch Linux, check out our guides on using SSH public key authentication