1. AWS (Amazon Web Services)

Enabling Root User Login on an EC2 Instance

Written by Posted on Less than 0 min read
0

If you are frustrated with always having to log in as the ubuntu user and prepend sudo before executing commands, this guide will help you enable direct root user login on an EC2 instance.

Important Note: This is not a recommended best practice due to security concerns. Before enabling root login, ensure that your EC2 security group has inbound rules restricting access to known CIDR ranges or specific IPs.

Steps to Enable Root Login on EC2

1. Modify the SSH Configuration

The default SSH configuration prevents direct root login. To allow it, follow these steps:

  1. Open the SSH daemon configuration file using:
    sudo nano /etc/ssh/sshd_config
  2. Locate the following line:
    PermitRootLogin prohibit-password
  3. Update it to:
    PermitRootLogin yes
  4. Save the file and exit (Press CTRL + X, then Y, and Enter).

2. Restart the SSH Service

After modifying the configuration file, restart the SSH service for changes to take effect:

sudo systemctl restart sshd

3. Modify Authorized Keys

By default, the SSH authorized keys file includes restrictions that prevent root login. Follow these steps to remove these restrictions:

  1. Open the root user’s authorized keys file:
    sudo nano /root/.ssh/authorized_keys
  2. Locate and delete the following restriction text:
    no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"admin\" rather than the user \"root\".';echo;sleep 10;exit 142"
  3. Save the file and exit.

4. Login as Root

Once the above changes are applied, you can now log in directly as the root user via SSH:

ssh -i /var/certificates/private.pem root@your-ec2-instance-ip

Security Considerations

Enabling root login increases security risks. To mitigate potential threats:

  • Ensure that only trusted IPs have access by updating security group inbound rules.
  • Use strong SSH key authentication.
  • Consider disabling password authentication (PasswordAuthentication no in sshd_config).
  • Regularly monitor SSH logs for unauthorized access attempts.

By following these steps carefully, you can enable root login on your EC2 instance while maintaining a reasonable security posture.

Cheers! 🎉

Member since
Result-driven IT Professional with over 8 Years of experience in Software Development, Cloud Computing, DevOps, and IT Infrastructure Management. Proficient in designing scalable architectures on AWS (EC2, RDS, S3, IAM, Lambda, Route 53, CloudFormation), Azure (AD, M365, Virtual Machines), and Cloudflare (WAF, Zero Trust). Skilled in automating CI/CD pipelines using Jenkins, GitHub Actions, and Bitbucket Pipelines, and managing infrastructure with Kubernetes, Terraform, and Ansible. Proven achievements include reducing AWS operational costs by 40%, scaling high-traffic WordPress systems, implementing Zero-Trust security, and upgrading ERP systems. Experienced in performance optimization, database tuning, disaster recovery planning, network security audits, and IT project leadership.
Do you like RavikantDk's articles? Follow on social!

Related articles

  1. AWS (Amazon Web Services)

Enabling NAT Gateway for Private Subnets in AWS

In Amazon Web Services (AWS), instances within a private subnet cannot access the internet directly. However, a NAT (Network Address Translation) Gateway allows these instances to securely send outbound traffic (e.g., downloading updates, accessing APIs) while remaining inaccessible from external sources. This guide will walk you through the step-by-step process of setting up a NAT […]
Written by
  1. AWS (Amazon Web Services)
  2. DNS
  3. Networking

Understanding AWS Load Balancer Routing with Cloudflare and Different Clients

When deploying web applications on AWS using multiple Network Load Balancers (NLBs), understanding how traffic is routed across different clients—such as browsers (Chrome, Edge, Firefox, Safari) and mobile apps (React Native-based)—is essential. This article explores how routing works when using Cloudflare DNS with and without the proxy feature enabled. 1. Overview of Routing Mechanisms When […]
Written by
  1. AWS (Amazon Web Services)

Setting Up AWS CloudWatch Alarm for EC2 CPU Usage with Email Alerts

Introduction Monitoring EC2 instances is crucial for ensuring optimal performance and preventing issues like underutilization or overloading. AWS CloudWatch allows users to track metrics and set up alarms to trigger notifications based on predefined conditions. In this guide, we’ll walk through setting up a CloudWatch alarm to send email alerts when an EC2 instance’s CPU […]
Written by
Next
No Comments
Leave a comment Cancel
Comments to: Enabling Root User Login on an EC2 Instance

Your email address will not be published. Required fields are marked *

Attach images - Only PNG, JPG, JPEG and GIF are supported.

Login

Welcome to ITUptodate
Brief and amiable onboarding is the first thing a new user sees in the theme.
Read Smart, Save Time
Pick all the topics you are interested in to fill your homepage with stories you'll love.

Join ITUptodate