One of the biggest security holes you can open on your server is allowing direct root logins over SSH: any cracker can attempt to brute-force your root password and, if they figure it out, get access to your system.
It’s much better to have a separate account that you regularly use and simply sudo to root when necessary. Before we begin, you should make sure that you have a regular user account and that you can su or sudo to root from it.
To fix this problem, we’ll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh/. Open the file up while logged on as root.
Disable SSH Root Login
SSH server settings are stored in the /etc/ssh/sshd_config file. To disable root logins, open the file in an editor:
# nano /etc/ssh/sshd_config
Search for the following line in the file.
#PermitRootLogin no
Remove the ‘#’ from the beginning of the line.
PermitRootLogin no
Restart SSH service:
# service sshd restart
Try to log in as the root user (you should see the error message “Access Denied”).
Now log in as a normal user and then use the “su” command to switch to the root user.
Enable SSH Root Login
To enable SSH root login, edit the /etc/ssh/sshd_config file.
# nano /etc/ssh/sshd_config
Search for the following line, put a ‘#’ at the beginning, and save. With the line commented out, sshd falls back to its built-in default for this setting.
# PermitRootLogin no
Restart the sshd service:
# service sshd restart
Try to log in as the root user.
Limit SSH User Logins
SSH logins can be limited to only certain users who need remote access. If you have many user accounts on the system, it makes sense to limit remote access to only those that really need it, which limits the impact of a casual user having a weak password. Add an AllowUsers line followed by a space-separated list of usernames to /etc/ssh/sshd_config. For example:
# nano /etc/ssh/sshd_config
AllowUsers lintut gandalf
Then restart the sshd service:
# service sshd restart
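A check worth running before restarting sshd, as an added example that is not part of the original article: the script reads an sshd_config-style file and reports whether root login is really disabled (a commented-out line has no effect) and whether a given account passes the AllowUsers restriction. The function names and the sample file are constructed for illustration; it reads only the global section and treats AllowUsers entries as literal names.

```shell
#!/bin/sh
# Added example, not from the original article: inspect an sshd_config-style file.
# Assumptions: keyword and value are separated by whitespace, only the global
# section is read (stops at the first Match block), Include files are not followed.

# active_values FILE KEYWORD -> value of every uncommented KEYWORD line, one per line
active_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # commented-out or blank lines have no effect
        tolower($1) == "match" { exit }      # conditional blocks are out of scope here
        tolower($1) == want {                # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print
        }
    ' "$1"
}

# root_login_status FILE -> "disabled", "default" or "enabled (<value>)"
root_login_status() {
    # sshd uses the first value it obtains for a keyword, so only line 1 counts
    value=$(active_values "$1" PermitRootLogin | sed -n 1p)
    case "$value" in
        no) echo "disabled" ;;
        "") echo "default" ;;                # no active line: built-in default applies
        *)  echo "enabled ($value)" ;;
    esac
}

# user_may_login FILE USER -> exit 0 if USER passes the AllowUsers restriction
# (literal names only; patterns such as user@host or wildcards are not evaluated)
user_may_login() {
    allowed=$(active_values "$1" AllowUsers)
    [ -z "$allowed" ] && return 0            # no AllowUsers line: no restriction
    for name in $allowed; do
        [ "$name" = "$2" ] && return 0
    done
    return 1
}

# Constructed sample mirroring the settings used in this article
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' 'AllowUsers lintut gandalf' > "$sample"
echo "root login: $(root_login_status "$sample")"
user_may_login "$sample" lintut && echo "lintut can still log in"
user_may_login "$sample" frodo  || echo "frodo would be locked out"
```

Point the functions at /etc/ssh/sshd_config and check your own account with user_may_login before running service sshd restart, so that an AllowUsers typo does not lock you out.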