Its always better to disable ssh access to root user which will protect the server from any attacks. Its kind of additional security layer on top of firewall.
There are 2 ways to disable SSH access to root.
With DenyUsers:
In /etc/ssh/sshd_config file search for line DenyUsers, if it exists edit it as follows else add following line:
DenyUsers root
If you want to disable ssh login for multiple users on the server add as following:
DenyUsers root user1 user2 user3
After updating sshd_config add restart sshd service with following command:
$ service sshd restart
Now try to ssh to root, it should not allow login even though you entered right password.
With PermitRootLogin:
PermitRootLogin will support 2 options “yes” and “no”.
Option yes will allow ssh to root and option no wont allow ssh to root.
To allow ssh to root add following line in /etc/ssh/sshd_config file and restart sshd service:
PermitRootLogin yes
To disable ssh to root add following line in /etc/ssh/sshd_config file and restart sshd service:
PermitRootLogin no
-Sany