Introduction
By default, Raspberry Pi OS disables direct root login for security reasons. Administrative tasks are typically performed using the default user account together with the sudo command. However, in some advanced administration, testing, development, or automation scenarios, you may need to enable direct root access.
This guide explains how to enable root login on Raspberry Pi, including both local console access and SSH remote access.
Warning: Enabling root login reduces system security and is not recommended for internet-facing devices. Only enable root access if you understand the associated security risks.
Why Is Root Login Disabled by Default?
Modern Linux distributions, including Raspberry Pi OS, disable root logins to:
- Reduce the risk of brute-force attacks
- Prevent accidental system modifications
- Encourage the use of sudo for administrative tasks
- Improve overall system security
Instead of logging in directly as root, users are expected to execute administrative commands using:
sudo command
Check the Current Root Account Status
Before enabling root login, verify the current status of the root account.
Run:
sudo passwd -S root
Example output:
root L
The letter L means the root account is locked.
Set a Password for the Root Account
Since the root account is usually locked by default, you must first assign a password.
Execute:
sudo passwd root
Enter and confirm a strong password when prompted:
New password:
Retype new password:
passwd: password updated successfully
This unlocks the root account and allows authentication using the specified password.
Verify the Root Account Is Active
Check the status again:
sudo passwd -S root
Example output:
root P
The letter P indicates that the root account has a valid password.
Enable Root Login via SSH
To allow SSH logins as root, edit the SSH daemon configuration file:
sudo nano /etc/ssh/sshd_config
Find the following line:
PermitRootLogin no
Change it to:
PermitRootLogin yes
If the line is commented out, remove the # and configure it as:
PermitRootLogin yes
Verify Password Authentication Is Enabled
In the same configuration file, ensure the following setting exists:
PasswordAuthentication yes
If it is set to no, change it to:
PasswordAuthentication yes
Save the file and exit Nano.
Restart the SSH Service
Apply the changes:
sudo systemctl restart ssh
Verify the SSH service is running correctly:
sudo systemctl status ssh
Expected output:
active (running)
Test Root SSH Login
From another computer, connect using:
ssh root@SERVER_IP
Example:
ssh [email protected]
Enter the root password you configured earlier.
If everything is configured correctly, you should receive a root shell prompt:
root@raspberrypi:~#
Enable Root Login on the Local Console
After assigning a password to the root account, you can also switch to root locally.
Use:
su -
Enter the root password:
Password:
Successful login will display:
root@raspberrypi:~#
Troubleshooting
Permission Denied When Logging In
Check that:
- The root account has a password.
PermitRootLogin yesis configured.PasswordAuthentication yesis enabled.- The SSH service has been restarted.
Verify the SSH configuration:
sudo sshd -t
If no output appears, the configuration syntax is valid.
Root Account Still Locked
Check the account status:
sudo passwd -S root
If it still shows:
root L
Set a new root password:
sudo passwd root
SSH Service Not Running
Start and enable SSH:
sudo systemctl enable ssh
sudo systemctl start ssh
Verify:
sudo systemctl status ssh
Security Recommendations
If you enable root login, consider the following precautions:
- Use a strong root password.
- Restrict SSH access using a firewall.
- Change the default SSH port.
- Use SSH key authentication whenever possible.
- Disable root login again when it is no longer required.
- Keep Raspberry Pi OS updated regularly.
Disable Root Login Again
If you later decide to disable root access, edit the SSH configuration:
sudo nano /etc/ssh/sshd_config
Change:
PermitRootLogin yes
to:
PermitRootLogin no
Restart SSH:
sudo systemctl restart ssh
Optionally lock the root account:
sudo passwd -l root
Conclusion
Although Raspberry Pi OS disables root login by default, it can be enabled by assigning a password to the root account and modifying the SSH configuration. This allows direct root access both locally and remotely via SSH. However, because root has unrestricted access to the entire system, enabling root login should only be done when necessary and with appropriate security precautions in place.
