On the servers I have worked with outside AWS, root is the default user to manipulate everything on a server. However, when you try to access an Ubuntu-based Amazon Web Services instance as the user 'root', you get the following message in response, which prevents you from working as root:
Please login as the user "ubuntu" rather than the user "root".
Basically, this prevents you from logging in as root and forces you to log in as the user ubuntu first and then use sudo su to gain root access. This isn't a problem for most administrators, as this is the Ubuntu security model. However, it can be a big problem when, for example, you access your server via SFTP, where you will be unable to access, delete, rename or move files and directories due to lack of permissions, because you are logged in as ubuntu rather than as root.
According to many opinions and to the Ubuntu security model, it is bad practice to log in as root via SSH or SFTP, as it defeats the security model that has been in place on this OS for years. Every application is meant to run with non-administrative permissions, so you have to elevate privileges to modify the underlying system (e.g. directories). If you know what you're doing and why you are doing it, e.g. a migration from a Plesk-based server where root access is necessary, this article shows you how to allow root access via SSH or SFTP on your Ubuntu-based AWS EC2 instance.
1. Access your server with SSH
As a first step, access your Ubuntu server as you usually do: as the user ubuntu, with your private key, using your favorite tool (PuTTY). Then, on the CLI, gain root privileges for the ubuntu user with the following command:
sudo su
With this command you will be logged in as the root user.
2. Edit the authorized_keys file
Now that you are root, you need to modify the authorized_keys file of this specific user, located at /root/.ssh/authorized_keys. You can use nano to edit this file from the terminal:
nano /root/.ssh/authorized_keys
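This will open the file, which will probably contain just one authorized key (namely the key pair that Amazon provides when you create your instance) preceded by some text at the beginning of the entry. The entry is shown here wrapped across several lines; in the file itself each entry is a single line: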
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="
echo 'Please login as the user "ubuntu" rather than the user "root".';
echo;sleep 10"
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe AmazonOriginalKeyPairName
This is exactly the part of the entry that prevents you from logging in as root from any of your tools:
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="
echo 'Please login as the user "ubuntu" rather than the user "root".';
echo;sleep 10"
To allow access as root, remove only the text before the authorized key from the authorized_keys file of the root account and save the changes. After saving, your authorized_keys file will contain only the authorized SSH keys, which in our case was just one:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe
AAAAB3NzaC1yc2EAAAADAQABAAABAQCPqJ2U4gidqek2U4gidqe AmazonOriginalKeyPairName
Now try to log in to your EC2 instance again as root and voilà: root access via SSH or SFTP, which means no more directory permission problems for you.
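The edit from step 2 can also be scripted so that a backup of the file is kept and the remaining forced-command entries can be counted. This is an added example, not part of the original article; the function names are hypothetical and the key material in the demo is a constructed placeholder.

```sh
#!/bin/sh
# Added example (not from the original article): perform the step-2 edit with a
# backup instead of hand-editing in nano. Function names are hypothetical.
set -eu

# Start of the public key itself: a key type, whitespace, then base64 ("AAAA...").
# Assumption: this pattern does not also occur inside the options text.
KEY_RE='(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9@.-]+)[ \t]+AAAA'

# Print FILE with everything before the key type removed from each key line.
strip_key_options() {
  awk -v re="$KEY_RE" '
    /^[ \t]*(#|$)/ { print; next }                      # comments, blank lines
    match($0, re)  { print substr($0, RSTART); next }   # drop leading options
    { print }                                           # unrecognised: keep as is
  ' "$1"
}

# Count key lines that still carry a forced command= option.
count_forced_commands() {
  awk -v re="$KEY_RE" '
    !/^[ \t]*#/ && match($0, re) && substr($0, 1, RSTART - 1) ~ /command="/ { n++ }
    END { print n + 0 }
  ' "$1"
}

# Rewrite FILE in place, keeping a copy as FILE.bak with the same mode and owner.
allow_key_login() {
  cp -p "$1" "$1.bak"
  strip_key_options "$1.bak" > "$1"
}

# Demo on a constructed file; the key material and comment are placeholders.
demo() {
  f=$(mktemp)
  printf '%s\n' 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo '\''Please login as the user \"ubuntu\" rather than the user \"root\".'\'';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER AmazonOriginalKeyPairName' > "$f"
  echo "forced commands before: $(count_forced_commands "$f")"
  allow_key_login "$f"
  echo "forced commands after:  $(count_forced_commands "$f")"
  cat "$f"
  rm -f "$f" "$f.bak"
}

# Run the demo only when executed with the argument "demo".
[ "${1:-}" = "demo" ] && demo || true
```

On a real instance you would call allow_key_login /root/.ssh/authorized_keys as root; if the login then fails, the untouched original is in /root/.ssh/authorized_keys.bak.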
Remember
When you're logged in as root, you can do everything, and the system won't ask! Do you want to format some disk or remove all the directories and data from everywhere? OK, just run the command and you're done. You're root and you know what you're doing. So, be careful.
Happy coding!