Sometimes it is fun to dig a bit deeper into how things work just to satisfy your curiosity while learning something new, like PermitRootLogin, for example. Does it check the UID or the user name? Today’s SuperUser Q&A post digs in to find the answer to a curious reader’s question.
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
SuperUser reader ge0rg wants to know if PermitRootLogin is based on the UID or the user name:
The man page states that PermitRootLogin:
- Specifies whether root can log in using ssh(1).
However, it is not clear if this check is based on the user name (root) or the UID (0). What happens if the root account is renamed to admin? Will admin be able to log in when PermitRootLogin=no? What happens if there are two accounts with UID=0 (i.e. root and admin)? Will either of them be able to log in?
Is PermitRootLogin based on the UID or the user name?
SuperUser contributor mtak has the answer for us:
It seems the check is done with the UID (tested on OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016):
Set PermitRootLogin to Off:
Make sure a user named admin is created with UID 0:
Make sure the user can be used to log in to the system:
Check to see if we can log in to the system using SSH:
If we set PermitRootLogin back to On:
And try to log in:
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.