Information
The PermitRootLogin value (in /etc/ssh/sshd_config) allows for direct root login by a
remote user/application to resources on the local host.
By default, it is not possible for the root account to log directly into the system console
because the account is configured as a role. This setting therefore does not significantly
alter the security posture of the system unless the root account is changed from this
default and configured to be a normal user.
Solution
Perform the following to implement the recommended state-# awk '/^PermitRootLogin/ { $2 = 'no' }
{ print }' /etc/ssh/sshd_config > /etc/ssh/sshd_config.CIS
# mv /etc/ssh/sshd_config.CIS /etc/ssh/sshd_config
# svcadm restart svc-/network/ssh