Connect to Linux VMs as the root user

This document describes how to connect to Linux virtual machine (VM) instances as the root user, which enables superuser privileges on the VM. By default, Compute Engine VMs built from public images and most common operating systems don't allow root login with a password over SSH.

An alternative to connecting to VMs as the root user is to run commands through sudo, which we recommend instead of enabling root login.

Supported operating systems

These connection methods are supported for all public Linux images that are available on Compute Engine. For Fedora CoreOS images, you must set up SSH access before you can use these methods.

Enable root login

By default, Compute Engine VMs, set the PermitRootLogin parameter to prohibit-password or no in the /etc/ssh/sshd_config SSH configuration file. Enable root login by following the instructions for your VM:

OS Login VMs

Enable root login by doing the following:

  1. Create an SSH key. Copy the public SSH key for later.

  2. Connect to the VM as you usually do.

  3. Change PermitRootLogin no to PermitRootLogin prohibit-password in the /etc/ssh/sshd_config file, by running the following command:

    sudo sed -i 's/PermitRootLogin no/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config

  4. Create the /root/.ssh directory using the following command:

    sudo mkdir /root/.ssh

  5. Set permissions on the .ssh directory, by running the following command:

    sudo chmod 700 /root/.ssh

  6. Create the authorized_keys file by running the following command:

    sudo touch /root/.ssh/authorized_keys

  7. Set permissions on the authorized_keys file, by running the following command:

    sudo chmod 600 /root/.ssh/authorized_keys

  8. Paste the public SSH key into the /root/.ssh/authorized_keys file.

  9. Restart the sshd daemon by restarting the VM, or running the restart command for your VM's operating system. Wait for the VM to reboot, then connect as the root user.

Non-OS Login VMs

Enable root login by doing the following:

  1. Connect to the VM as you usually do.

  2. Change PermitRootLogin no to PermitRootLogin prohibit-password in the /etc/ssh/sshd_config file, by running the following command:

    sudo sed -i 's/PermitRootLogin no/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config

  3. Restart the sshd daemon by restarting the VM, or running the restart command for your VM's operating system. Wait for the VM to reboot, then connect as the root user.

Connect as the root user

After you enable root login, connect to the VM as the root user. If you're connecting to a VM that has OS Login enabled, you must use third-party tools instead of the gcloud CLI.

gcloud

Note: You must use third-party tools to connect as the root user if the VM you're connecting to has OS Login enabled.

Connect to VMs as the root user by using the gcloud compute ssh command with root@ specified before the VM name:

  1. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. Connect to the VM by running the following command:

    gcloud compute ssh \
    --project=PROJECT_ID \
    --zone=ZONE \
    root@VM_NAME

    Replace the following:

    • PROJECT_ID: the ID of the project that contains the VM
    • ZONE: the name of the zone in which the VM is located
    • VM_NAME: the name of the VM

Third-party tools

Connect to VMs as the root user by following the instructions for your VM:

Troubleshooting

To find methods for diagnosing and resolving failed SSH connections, see Troubleshooting SSH.

What's next