Question: I have heard that enabling root login in SSH can be a security risk. Is that true, and if so, how do I disable it?
Answer: The truth is that having root login enabled is not in itself a security risk. The real risk comes from having an easily hacked root password or insecure web applications on your server that allow hackers to decipher the root password. Disabling root login gives those hackers one less avenue to exploit, and if you do not need to log in directly as root through SSH, there is really no reason to have it enabled.
Actually disabling root login is not nearly as complicated as the explanation above. Just follow these steps:
1. Log in to your server via SSH
2. Become root:
su
3. Edit /etc/ssh/sshd_config
4. Add the following line:
PermitRootLogin no
5. Save and exit
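A scripted version of the edit in the steps above, as an added example that is not part of the original answer. It assumes the OpenSSH server configuration file /etc/ssh/sshd_config; the function names are illustrative. It handles the case the manual steps miss: sshd keeps the first value it reads for a keyword, so an existing "PermitRootLogin yes" earlier in the file would win over a line added below it.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are illustrative.
# Usage as root: sh disable_root_login.sh /etc/ssh/sshd_config

# Print the first active PermitRootLogin value in the file. That is the value
# sshd uses outside Match blocks. Keywords are case-insensitive.
root_login_setting() {
    awk 'tolower($0) ~ /^[ \t]*permitrootlogin([ \t=]|$)/ {
             sub(/^[ \t]*[A-Za-z]+[ \t=]+/, ""); print; exit }' "$1"
}

# Force "PermitRootLogin no" for every connection.
disable_root_login() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    {
        # Written first so it precedes any Include line and any older setting.
        echo "PermitRootLogin no"
        # Skip the line a previous run added, so repeated runs change nothing.
        # Comment out every other active PermitRootLogin line. This includes
        # lines inside Match blocks, which would otherwise override the
        # global setting for the connections they match.
        awk 'NR == 1 && $0 == "PermitRootLogin no" { next }
             tolower($0) ~ /^[ \t]*permitrootlogin([ \t=]|$)/ { print "#" $0; next }
             { print }' "$cfg"
    } > "$tmp"
    # Keep one backup of the original file, then overwrite the file in place
    # so its owner and permissions are preserved.
    [ -e "$cfg.bak" ] || cp -p "$cfg" "$cfg.bak"
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

if [ "$#" -eq 1 ]; then
    disable_root_login "$1" && echo "PermitRootLogin: $(root_login_setting "$1")"
fi
```

Before closing your current session, check the edited file with `sshd -t`, reload the SSH daemon so the change takes effect, and confirm from a second session that you can still log in as a non-root user.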