Information
The PermitRootLogin value (in /etc/ssh/sshd_config) allows for direct root login by a remote user/application to resources on the local host.
By default, it is not possible for the root account to log directly into the system console because the account is configured as a role. This setting therefore does not significantly alter the security posture of the system unless the root account is changed from this default and configured to be a normal user.
Solution
Perform the following to implement the recommended state:
# awk '/^PermitRootLogin/ { $2 = "no" } { print }' /etc/ssh/sshd_config > /etc/ssh/sshd_config.CIS # mv /etc/ssh/sshd_config.CIS /etc/ssh/sshd_config # svcadm restart svc:/network/ssh