Prevent Direct root Login via SSH

Direct root login via SSH should be disabled, the reason for doing so is to prevent anyone from being able to brute force the login credentials for root via ssh and therefore compromise the security of the host.  By disabling root login any attacker would now have to guess both the user account name and password which obviously makes it more difficult for them to get onto the host.  If you combine password complexity with your accounts you should have a fairly robust level of security in place for your users.

To enable this feature you need to perform the following steps:

1. Login to the host via ssh or direct console access

2. Change directories to /etc/ssh/

3. Edit the file sshd_config using an editor such as ‘vi’

4. Change the line “PermitRootLogin” to “PermitRootLogin no”

5. Restart the sshd daemon.