Information
The PermitRootLogin parameter specifies if the root user can log in using SSH. The default is prohibit-password
Disallowing root logins over SSH requires system admins to authenticate using their own individual account, then escalating to root This limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident.
Solution
Edit the /etc/ssh/sshd_config file to set the PermitRootLogin parameter to no above any Include and Match entries as follows:
PermitRootLogin no
Note: First occurrence of an option takes precedence, Match set statements withstanding. If Include locations are enabled, used, and order of precedence is understood in your environment, the entry may be created in a file in Include location.