Ubuntu's security policy intentionally restricts direct work under the root user. All administrative actions are performed through sudo by default — meaning every privileged command requires explicit confirmation. This approach reduces the risk of accidental system file deletion: Ubuntu has no recycle bin for the rm command, and recovering accidentally deleted files without a backup is nearly impossible.
That said, there are situations where a full root login is necessary — automation scripts, SSH access, or running a long sequence of administrative commands.
Why Root Has No Password by Default
In Ubuntu, the root user exists but has no password set. Attempting to log in via su - root or through a virtual console (Ctrl+Alt+F2) will fail — entering the correct password is impossible because there is none.
su - root
# Password:
# su: Authentication failure
This is not a misconfiguration — it is an intentional decision. For most tasks this is the correct policy, and it can be bypassed when genuinely needed.
Open a Root Shell in the Terminal
Two equivalent methods.
Via sudo su:
sudo su - root
sudo confirms the current user's privileges, then su switches the shell to root. The dash - means a full environment switch: environment variables, working directory, and profile are loaded as in a real root login.
Via sudo -i:
sudo -i
The -i flag (simulate initial login) does the same thing — opens a root shell with a full environment. This is the more modern and recommended approach.
After logging in, the prompt changes from $ to # — indicating root access:
root@hostname:~#
To exit the root shell:
exit
Set a Root Password
To log in as root via a virtual console, SSH, or su without sudo, a password must be set:
sudo passwd root
The system will ask for the new password twice. After this, su - root works without sudo:
su - root
# Password: [enter the password that was set]
When this is needed: direct SSH login as root, automation scripts, environments without sudo in PATH, VPS servers where only the root account is available.
Logging In as Root via SSH
After setting the password, SSH login as root may still be blocked — this is controlled in /etc/ssh/sshd_config.
Check the current setting:
grep PermitRootLogin /etc/ssh/sshd_config
Allow root login with a password:
sudo nano /etc/ssh/sshd_config
Find the line and change it to:
PermitRootLogin yes
Restart SSH (on Ubuntu the service unit is named ssh):
sudo systemctl restart ssh
Note for VPS: most providers deliver servers with PermitRootLogin yes already enabled and a root password from the control panel. For better security, switching to SSH key authentication and disabling password login is strongly recommended.
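The grep check above reads only the main file and also matches commented-out lines, while sshd keeps the first value it reads for each keyword and Ubuntu's stock sshd_config starts by including /etc/ssh/sshd_config.d/*.conf. The script below is an added example, not part of the original article: it resolves which value wins across files given in read order. The function names and sample files are constructed for illustration; on a live system, sudo sshd -T prints the authoritative effective configuration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article).
# sshd uses the FIRST value it reads for each keyword, so files must be
# passed in the order sshd reads them. Include lines are not followed here.

# effective_option KEYWORD FILE...  -> prints the first global value, or "unset"
effective_option() {
    local key=$1; shift
    awk -v key="$key" '
        BEGIN { key = tolower(key) }
        FNR == 1 { in_match = 0 }            # simplification: a Match block ends with its file
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        { sub(/=/, " ") }                    # accept "Keyword=value" as well
        tolower($1) == "match" { in_match = 1; next }
        in_match { next }                    # conditional settings are not global
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$@"
}

# root_password_login FILE...  -> "allowed" or "blocked"
# Only looks at these two keywords; assumes keyboard-interactive auth is off.
root_password_login() {
    local root pw
    root=$(effective_option PermitRootLogin "$@")
    pw=$(effective_option PasswordAuthentication "$@")
    [ "$root" = unset ] && root=prohibit-password    # OpenSSH default
    [ "$pw" = unset ] && pw=yes                      # OpenSSH default
    if [ "$root" = yes ] && [ "$pw" = yes ]; then echo allowed; else echo blocked; fi
}

# Constructed sample data: grep on the main file suggests root login is off,
# but a drop-in that is read first (Include at the top) turns it on.
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
printf '%s\n' 'PermitRootLogin yes' > "$demo/sshd_config.d/50-provider.conf"
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' '#PermitRootLogin prohibit-password' \
    'PermitRootLogin no' 'PasswordAuthentication yes' > "$demo/sshd_config"
# Key-only root access, the setup the VPS note recommends
printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
    > "$demo/hardened.conf"

echo "main file only : $(effective_option PermitRootLogin "$demo/sshd_config")"
echo "drop-in first  : $(effective_option PermitRootLogin "$demo"/sshd_config.d/*.conf "$demo/sshd_config")"
echo "root + password: $(root_password_login "$demo"/sshd_config.d/*.conf "$demo/sshd_config")"
echo "hardened       : $(root_password_login "$demo/hardened.conf")"
```

To review a real host, pass /etc/ssh/sshd_config.d/*.conf followed by /etc/ssh/sshd_config, which matches the read order when the Include line sits at the top of the main file.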
Run a Single Command as Root
If a full shell is not needed — just one command with root privileges:
sudo command
This is the preferred method for one-off tasks — no need to enter a root shell and remember to exit it afterward.
Graphical Login as Root (GDM)
GNOME and GDM block graphical login as root. This is a restriction of the graphical shell, not of the system itself. Running GNOME as root gives the entire desktop and all applications full superuser privileges, which creates serious risks.
If this is genuinely necessary, the PAM settings for GDM need to be modified:
sudo nano /etc/pam.d/gdm-password
Find the line and comment it out with #:
# auth required pam_succeed_if.so user != root quiet_success
After saving, the login manager will allow clicking "Not listed?", then entering the login root and its password.
⚠️ This is a dangerous configuration. In root mode, any running application — browser, email client, plugin — has full control over the system. Do not use on production or work machines.
Disable Root Password (Restore Default State)
If the root password was set but the standard Ubuntu policy needs to be restored:
sudo passwd -l root
The -l flag (lock) blocks the root account — password-based login becomes impossible again, while sudo continues to work normally.
Quick Reference
| Task | Command |
|---|---|
| Open a root shell | sudo -i or sudo su - root |
| Set root password | sudo passwd root |
| Lock root password | sudo passwd -l root |
| One-off command with root rights | sudo command |
| Check current user | whoami |
| Exit root shell | exit |
| Allow SSH as root | PermitRootLogin yes in /etc/ssh/sshd_config |