Limit root user of SSH logins

Hi team,

I tried to modify the /etc/security/limits.conf file to limit the root user to no more than one login. I added a line to the limits.conf file like this:

@root            hard    maxlogins       1

I also tried to modify /etc/ssh/sshd_config to limit the root user login by adding this:

MaxSessions 2

But I am still able to log in more than one time! Any help, please.

Your limits.conf syntax is wrong. You are trying to limit a group named root, not a user named root. Change "@root" to "root".

No I have this in limits.conf

I think it does not matter if I put @root, since the root user belongs to the root group. However, I removed the @ sign and made it like this:

root             hard    maxlogins       2

And I am still able to log in many times!

This limit doesn't apply to a user whose userid is 0.

Then how can I restrict the root user from multiple logins?!

I have no idea why you'd want to do that.

There are various ways to restrict root access to varying degrees, but not by just the number of SSH logins (and even that would be easily circumventable with, for example, su).

I want to make sure that I'm the only root user over SSH.

I didn't expect this issue to be that difficult to solve!

Limiting to "1" is not the same as limiting to "you".

Change the password, remove keys from authorized_keys; or limit access to your IP in access.conf, or for sshd in hosts.allow or hosts.deny.

Why wouldn't you create a group 'sshusers', put your user with user id in that group, and put 'PermitRootLogin no' and 'AllowGroups sshusers' in the openssh-server config? That'd be a kind of security. Using pubkeys instead of password authentication is a good choice also.

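Added example (not part of any post in this thread, and not OpenSSH's own code): a small Python check that reads sshd_config text and flags whether the settings suggested above (PermitRootLogin no, an AllowGroups/AllowUsers allowlist, key-only authentication) are in effect, and notes that MaxSessions caps sessions per network connection rather than the number of logins. The sample configs and finding names are constructed for illustration; the values assumed for unset keywords are the OpenSSH defaults (PermitRootLogin prohibit-password, PasswordAuthentication yes).

```python
# Added example: audit sshd_config text for the controls suggested in the thread.
# Finding names and sample configs are constructed for illustration.

SAMPLE_BEFORE = "MaxSessions 2\n"  # constructed: the poster's only sshd change
SAMPLE_AFTER = (                   # constructed: the settings suggested above
    "PermitRootLogin no\n"
    "AllowGroups sshusers\n"
    "PasswordAuthentication no\n"
)

def parse_sshd_config(text):
    """Return (global_opts, match_opts); sshd keeps the first value per keyword."""
    global_opts, match_opts, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True      # everything after this is conditional
        elif in_match:
            match_opts.append((key, value))
        else:
            global_opts.setdefault(key, value)
    return global_opts, match_opts

def audit(text):
    """Return a list of finding codes for the given sshd_config text."""
    g, m = parse_sshd_config(text)
    findings = []
    # Assumed OpenSSH defaults when unset: prohibit-password / yes.
    if g.get("permitrootlogin", "prohibit-password").lower() != "no":
        findings.append("ROOT_LOGIN_ALLOWED")
    if any(k == "permitrootlogin" and v.lower() != "no" for k, v in m):
        findings.append("ROOT_LOGIN_ALLOWED_IN_MATCH")
    if "allowgroups" not in g and "allowusers" not in g:
        findings.append("NO_ALLOWLIST")
    if g.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PASSWORD_AUTH_ENABLED")
    if "maxsessions" in g:
        # MaxSessions caps sessions per network connection, not logins.
        findings.append("NOTE_MAXSESSIONS_PER_CONNECTION")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit(cfg) or "no findings")
```

On a live host, feed it the effective configuration printed by `sshd -T` rather than the raw file, so that included files and defaults are already resolved.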

@ Scott and spider_fingers,

Both of your ideas are really great! But I already tried to restrict the root user access to the system through SSH in /etc/security/limits.conf

root             hard    maxlogins       2

and also in /etc/ssh/sshd_config

MaxSessions 2

but the root user is still able to log in through SSH simultaneously!

I don't know what else I should do; at the same time, I just want to know how to limit root access through SSH to the server.

Thanks team

I'm not convinced that you tried either suggestion, because both suggestions should work.

I go back to my original question: "why would you want to do that?" And I can't think of a single reason. If you were a capable Admin you would not have to ask this question.

This thread is going nowhere.

-- Closed --