673 B
673 B
---id: V-72247 status: implemented tag: sshd ---
The PermitRootLogin
configuration is set to
no
in /etc/ssh/sshd_config
and sshd is
restarted.
Deployers can select another setting for PermitRootLogin, from the
available options without-password
,
prohibit-password
, forced-commands-only
,
yes
, or no
by setting the following
variable:
security_sshd_permit_root_login: no
Warning
Ensure that a regular user account exists with a pathway to root
access (preferably via sudo
) before applying the security
role. This configuration change disallows any direct logins with the
root
user.