Level 1 - Server Level 1 - Workstation
The PermitRootLogin parameter specifies if the root user can log in using ssh(1). The default is no.
Disallowing root logins over SSH requires system admins to authenticate using their own individual account, then escalating to root via sudo or su. This in turn limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident
Run the following command and verify that output matches:
# grep "^PermitRootLogin" /etc/ssh/sshd_config PermitRootLogin no
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
PermitRootLogin no