Having a root access to Linux server through SSH isn’t exactly a good idea in terms of security but in case if it is unavoidable then it can be helpful to setup a monitoring system that can email notifications immediately whenever root access is done.
To do this on an Ubuntu server :
1. First install an email routing program like sendmail by logging into the server with root credentials and typing :
2. After this, the .bashrc file needs to be edited for root. This file is the one that is read and all the commands in it are executed upon root login. Type :
(The ls -a command will show all the hidden files with .bashrc being one of them.) Scroll down to the last line of .bashrc file and add the following :
Save the changes and logout.
Now log back in as root via ssh, after a minute or two there will be an email notification at the specified email address stating that root login to server has occured from a specific IP address with timestamp.
By the way, to completely disable root login via SSH, please refer to the earlier post on setting up Ubuntu SSH server here. To get more familiar with different Linux commands, please refer to our Linux command line basics primer here.