According to the Amazon Linux AMI User Guide, root access is disabled by default for security reasons.
How do I get root SSH access on my Amazon Linux AMI instance?
The Amazon Linux AMI does not allow remote root SSH by default. You should specify a key pair at instance launch and login as ec2-user using your key pair to access the command line. This user has sudo access by default to allow you to run root actions. If you want to enable remote root login, please be aware that it is significantly less secure than relying on key pairs and a secondary user.
You are strongly recommended to use sudo to run root actions:
sudo yum upgrade
or get a root shell by running:
sudo -i
I understand the risk, what if I REALLY want it?
You can enable root access for SSH/SFTP if you want. It's especially useful when you want to overwrite some config files via SFTP.
Warning: You are STRONGLY RECOMMENDED to keep at least one console open. If you screw up the sshd config, you will not be able to open a new SSH session.
You have been warned; do this at your own risk.
Step 1: Enable root login in sshd config
sudo vi /etc/ssh/sshd_config
Replace the line
PermitRootLogin forced-commands-only
with
PermitRootLogin without-password
then save the file and reload sshd config.
sudo /etc/init.d/sshd reload
Step 2: Disable blocking command for root account
sudo vi /root/.ssh/authorized_keys
You will see something like
command="echo 'Please login as the ec2-user user rather than root user.';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTctyMQwAPXDqlOfZL5...[skipped]
Delete everything before “ssh-rsa”; the file should now look like
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTctyMQwAPXDqlOfZL5...[skipped]
Save the file and you are done.
You now have root access to SSH/SFTP with your private key.
Hint: Remember to test that you can still log in with a new SSH session before closing all consoles.
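To confirm what Step 1 and Step 2 changed, or to check any host for the same state, the following added example (not part of the original post) reads an sshd_config and root's authorized_keys and reports whether root gets a shell over key login. The function names and sample files are constructed for illustration; Match blocks and Include files are not followed.

```shell
#!/bin/sh
# Added example: does this host give root a shell over SSH public-key login?
# Simplification (assumption): Match blocks and Include files are not followed.

permit_root_login() {   # $1 = sshd_config; sshd honours the first occurrence
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); hit = 1; exit }
         END { if (!hit) print "unset" }' "$1"
}

unrestricted_keys() {   # $1 = authorized_keys; counts keys without command=
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { line = $0
           gsub(/\\"/, "", line)       # escaped quotes inside option values
           gsub(/"[^"]*"/, "", line)   # quoted values, which may hold spaces
           $0 = line                   # re-split: $1 is options or key type
           if (("," tolower($1)) !~ /,command=/) n++ }
         END { print n + 0 }' "$1"
}

root_key_login() {      # $1 = sshd_config, $2 = root authorized_keys
    mode=$(permit_root_login "$1")
    open=$(unrestricted_keys "$2")
    case "$mode" in
        no)    echo "blocked: PermitRootLogin no" ;;
        yes)   echo "open: PermitRootLogin yes allows every authentication method" ;;
        unset) echo "unknown: PermitRootLogin not set, compiled-in default applies" ;;
        forced-commands-only)
               echo "restricted: only root keys with command= are accepted" ;;
        *)     if [ "$open" -gt 0 ]; then
                   echo "open: $open root key(s) give a shell ($mode)"
               else
                   echo "restricted: every root key has a forced command ($mode)"
               fi ;;
    esac
}

demo() {                # constructed sample files, not taken from a real host
    d=$(mktemp -d)
    echo 'PermitRootLogin forced-commands-only' > "$d/before.conf"
    echo 'PermitRootLogin without-password'     > "$d/after.conf"
    echo 'command="echo login as ec2-user;sleep 10" ssh-rsa AAAAconstructed' > "$d/before.keys"
    echo 'ssh-rsa AAAAconstructed' > "$d/after.keys"
    root_key_login "$d/before.conf" "$d/before.keys"
    root_key_login "$d/after.conf"  "$d/after.keys"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then root_key_login "$1" "$2"; else demo; fi
```

Run it with sudo and the two real paths (/etc/ssh/sshd_config and /root/.ssh/authorized_keys) to audit a live instance; with no arguments it runs on the constructed before/after samples.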
One more step:
Copy the authorized_keys from ec2-user’s .ssh folder to root’s .ssh folder and replace the ec2-user mention in that file with root.
Thank you.