Is it a good idea to enable root login on Ubuntu? Not likely, whether you’re using Ubuntu as a desktop or server operating system. But can you do it? Sure, so long as you know the risks involved.
Some specialized Linux distros may have the root account enabled by default, but most don’t, including Ubuntu. You cannot use the root account to log in to the desktop or remote terminal session via SSH. But don’t worry, today we’ll learn how to enable root login on Ubuntu.
Enable Root Login on Ubuntu Desktop (GUI)
The root account is not enabled by default; consequently, you cannot use it to log in. Follow the succeeding steps to enable the root account and allow it to log in to the dekstop.
Step 1: Set a New Root Password
To enable it, you must first set its password. If you’ve already logged in to the Ubuntu desktop, open a terminal window and run this command to set the root password.
sudo passwd root
Enter the new root password twice.
Step 2: Modify the GNOME Display Manager Custom Configuration
Next, let’s modify the GNOME Display Manager custom configuration file at /etc/gdm3/custom.conf. This step ensures that GDM allows the root account into the GUI.
To do so, open the file using a text editor, such as nano.
sudo nano /etc/gdm3/custom.conf
When the editor is open, insert the line AllowRoot=true. Save the file and exit the editor.
Step 3: Modify the Pluggable Authentication Module (gdm-password) Service
Now we’ll modify the PAM configuration for it to allow the root login. Open the /etc/pam.d/gdm-password file in the text editor.
sudo nano /etc/pam.d/gdm-password
Next, comment out the following line by prepending it with a #. This line is what disallows the root account from logging in, and commenting it out disables this restriction.
auth required pam_succeed_if.so user != root quiet_success
Save the file and exit the editor.
Step 4: Logout and Login as Root
Log out from your current account.
The root account is not listed on the login screen. So, click on the Not listed link to reveal the username field.
Type root into the username field and press Enter.
Type the root password and press Enter.
Now you’re logged in as root.
Enable Root Login on Ubuntu via SSH
Now let’s tackle letting the root account login via SSH. At this point, you’ve already enabled the root account by settings its password. However, Ubuntu does not allow remote SSH login for the root account.
Step 1: Install the OpenSSH Server
Note. The SSH server is not installed by default on the desktop flavors of Ubuntu.
First, confirm that OpenSSH is not installed.
sudo systemctl status ssh
Next, install the OpenSSH server.
sudo apt install -y openssh-server
Once the installation is finished, recheck the ssh service and ensure that the service status is enabled and running.
sudo systemctl status ssh
You must explicitly enable the firewall rule to ensure that the system accepts SSH traffic.
sudo ufw allow ssh
And you would get the following confirmation.
Step 2: Update the SSH Server Configuration
Now that SSH is running on the machine, the next step is to update the SSH server configuration file (/etc/ssh/sshd_config). Open the file in the text editor.
sudo nano /etc/ssh/sshd_config
Once opened, insert the following code under the # Authentication: line to enable the remote root login.
Your /etc/ssh/sshd_config should look similar to the one below. Save the file and exit the editor.
Now, restart the SSH server for the changes to take effect.
sudo systemctl restart ssh
Step 3: Login Remotely as Root
Open a terminal or your preferred SSH client on a remote machine and log in to the Ubuntu machine using the root credentials.
The first time you connect to the machine, you will be asked to confirm the machine’s identity. Type yes and press Enter.
Enter the root password at the prompt and press Enter. You can see on the prompt that the currently logged-on user is the root account.
You’ve now unlocked the root login capability on your Ubuntu machine.
While enabling root login on Ubuntu is possible, remember to do so with extreme caution. Especially if the Ubuntu system is internet-facing. One way is to set a strong password or passphrase to avoid dictionary, brute-force, or password spraying attacks.