How To Create Root SSH Login Key in Linux


Accessing a Linux server remotely requires secure methods, and SSH (Secure Shell) keys are among the safest ways to do so. They are a popular alternative to using passwords, offering a more robust and streamlined authentication process. This guide will walk you through creating an SSH login key specifically for the root user.

Note: Direct root access can pose security risks. Always ensure you understand these risks and consider alternative methods like using a regular user with sudo privileges.

Step-by-Step Guide

1. Open a Terminal Window

First, open a terminal window. This is the starting point for most Linux activities.

2. Generate an SSH Key Pair

Next, you’ll create a public and private key pair. In the terminal, enter:

ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa_new
  • -t rsa: Specifies the key type.
  • -b 4096: Sets the number of bits in the key.
  • -f: Specifies the file name for the key.

You’ll be asked to enter a passphrase for extra security. This step is optional but recommended.

3. Configure SSH to Allow Root Login

Edit the SSH configuration file with a text editor like nano:

nano /etc/ssh/sshd_config

Add or modify these lines:

PubkeyAuthentication yes
PermitRootLogin prohibit-password

Save and exit the file.

4. Add the Public Key to Authorized Keys


echo "$(cat /root/.ssh/" >> /root/.ssh/authorized_keys

This command adds the public key to a special file, allowing the corresponding private key to log in.

5. Set Correct Permissions

SSH is strict about permissions. Set them with:

chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
6. Restart the SSH Service

Finally, apply the changes by restarting the SSH service:

systemctl restart ssh


That’s it! You’ve now created an SSH key for root login in Linux. This key acts like a digital fingerprint, uniquely identifying the root user.

To connect from a remote machine, you’ll use the private key file (/root/.ssh/id_rsa_new).

Important Reminder: The power of the root user is immense. Handle this key with the utmost care, keeping it secure, and only using it when absolutely necessary. Always follow best practices to keep your system safe.

This article should help even beginners understand the process of creating a root SSH login key in Linux. The steps are laid out simply and logically to guide users through the process smoothly.

How To Secure Your Root SSH Key in Linux

Creating a root SSH key is only half the battle; securing it is equally critical. Here’s how you can take several vital steps to ensure your key’s safety.

1. Protect with a Strong Passphrase

When generating the SSH key, you’ll be prompted to enter a passphrase. This adds an extra layer of protection to the private key, requiring the passphrase to be entered whenever the key is used. Choose a complex passphrase and keep it in a secure location.

2. Set Strict Permissions on the Key Files

SSH requires specific permissions for key files to ensure that they aren’t tampered with. These permissions can be set using the following commands:

chmod 700 /root/.ssh
chmod 600 /root/.ssh/id_rsa_new
chmod 600 /root/.ssh/authorized_keys

These commands restrict access to the key files, allowing only the owner to read and write them.

3. Limit SSH Access to Specific IP Addresses

You can configure the SSH server to accept connections only from known IP addresses. Edit the SSH configuration file:

nano /etc/ssh/sshd_config

Add a line for each allowed IP address:

AllowUsers root@IP_ADDRESS

Replace IP_ADDRESS with the actual IP address you want to allow.

4. Monitor SSH Access Logs

Regularly check the SSH access logs to detect any suspicious activity. You can view the logs with:

tail /var/log/auth.log

5. Use a Key Management System

If you handle multiple keys, consider using a key management system. These systems help manage and secure SSH keys, making it easier to follow best practices.

6. Regularly Update Your System

Keep your Linux system up to date with the latest security patches. Regular updates will ensure that any known vulnerabilities are fixed promptly.

7. Disable Root Login When Not Needed

If direct root access is not necessary, consider disabling it and using a regular user with sudo privileges. This minimizes the risk associated with having the root user exposed.


Securing an SSH key involves multiple layers of protection, from choosing a strong passphrase to limiting access to specific IP addresses and regularly monitoring logs. By following these best practices, you can enjoy the convenience and security benefits of SSH keys without exposing your system to unnecessary risks.

Remember, the root user has the highest level of access, so handle root SSH keys with the utmost care and responsibility. When not needed, consider disabling direct root access altogether and rely on regular users with appropriate permissions.

By being proactive and conscientious, you can use SSH keys effectively while keeping your Linux system secure.

This addition to the article emphasizes the importance of security and provides straightforward guidance on keeping SSH keys, especially those associated with the root user, secure and under control.