Information
The PermitRootLogin parameter specifies if the root user can log in using SSH. The default is prohibit-password
Disallowing root logins over SSH requires system admins to authenticate using their own individual account, then escalating to root This limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident.
Solution
Edit the /etc/ssh/sshd_config file to set the PermitRootLogin parameter to no above any Match entries as follows:
PermitRootLogin no
Note: First occurrence of a option takes precedence, Match set statements withstanding.