it’s not a good idea to give access for “root” direct login. The preferred method is login with a username and run “su” (Super User) to get the root access. However, root can still login “from the local terminal”.
To make this feature enable we need to modify sshd_conf with following changes.
1. Open /etc/ssh/sshd_config file with vim editor :-
[root@afzalkhan ~]#vim /etc/ssh/sshd_config
2. Make sure that below two mentioned flags are set with below value :-
Protocol 2
PermitRootLogin no
Briefly about this parameters :-
Protocol 2 : Protocol 2 the separate connection and authentication protocol are used
PermitRootLogin no : Disable root login via ssh. This will not allow root to connect using ssh protocol.
3. [root@afzalkhan ~]$ ssh -C root@192.168.0.50
root@192.168.0.50’s password:
Permission denied, please try again.
root@192.168.0.50’s password:
It will not allow root to direct login from remote host via ssh protocol.