4.2.2 Configuring SSH - disabling direct root access

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


The recommendation is to edit the /etc/ssh/sshd_config file to disable direct root login. By default direct root login via SSH is enabled.

All root access should be facilitated through a local logon with a unique and identifiable user ID and then via the su command once locally authenticated. Direct root login is extremely insecure and offers little in the way of audit trailing for accountability.


Edit the /etc/ssh/sshd_config file and disable direct root login for SSH-

vi /etc/ssh/sshd_config


#PermitRootLogin yes


PermitRootLogin no

Re-cycle the sshd daemon to pick up the configuration changes-

stopsrc -s sshd
startsrc -s sshd

See Also