673 B
673 B
---id: V-72247 status: implemented tag: sshd ---
The PermitRootLogin configuration is set to
no in /etc/ssh/sshd_config and sshd is
restarted.
Deployers can select another setting for PermitRootLogin, from the
available options without-password,
prohibit-password, forced-commands-only,
yes, or no by setting the following
variable:
security_sshd_permit_root_login: noWarning
Ensure that a regular user account exists with a pathway to root
access (preferably via sudo) before applying the security
role. This configuration change disallows any direct logins with the
root user.