PermitRootLogin is a configuration option in the SSH server settings (typically found in the sshd_config file) that controls whether the root user is allowed to log in via SSH. Here are the possible values for this option:
-
yes: Allows root login via SSH. This is generally not recommended due to security risks. -
no: Disables root login via SSH. This is the recommended setting for better security. -
prohibit-password: Allows root login only with public key authentication, not with password authentication. -
forced-commands-only: Allows root login only for specific commands when using public key authentication.
To set this option, you would typically edit the sshd_config file (usually located at /etc/ssh/sshd_config) and add or modify the line:
PermitRootLogin noAfter making changes, restart the SSH service for them to take effect. Disabling root login enhances security by requiring users to log in with their own accounts and use sudo for administrative tasks.
