100 Days of DevOps - Day 03

Mithila-Navishka · August 9, 2025, 1:51pm

In this lab, I was asked to deny root login. The task was to edit the sshd_config file, set PermitRootLogin no, and then restart the sshd service.

I did this multiple times — edited the file, saved it, restarted, reloaded, even stopped and started the service. But when I tried logging in from the jump host using:

ssh root@stapp01

it still prompted me for a password.

This is confusing, because if PermitRootLogin no was applied, it shouldn’t even ask for a password — it should just deny the connection immediately. I can’t figure out why this setting isn’t taking effect.

Santosh_KodeKloud · August 9, 2025, 2:25pm

Hi @Mithila-Navishka

You need to perform these steps on all the App Servers.

Mithila-Navishka · August 9, 2025, 2:44pm

problem is santosh , i wanted to apply it to one server and need to confirm that the configuration is applied to that server properly , lets assume if i disable the root loging in ‘stapp01’ after i logged from jump server , password for the root should not be prompted right ?

sshd file configuration

restarted the service

still prompt for password when logging from jump host

if the configurations success, above prompt should not be appeared right ?

Santosh_KodeKloud · August 9, 2025, 4:13pm

The behavior with PermitRootLogin is that, although it prompts for a password, it will eventually be denied if you set PassworkAuthentication to no. The prompt will not be shown, and you will get a denied message.

Mithila-Navishka · August 9, 2025, 5:30pm

Then what was the purpose of PermitRootLogin ? If not disabled prompt for the password

kods · August 17, 2025, 4:36pm

check this git repo : Day 4 of 100 days of DevOps - #4 by kods