ESXI-06-000014 - The SSH daemon must not permit root logins.


Permitting direct root login reduces auditable information about who ran privileged commands on the system and also allows direct attack attempts on root's password.


The root user should never be allowed to log in to a system directly over a network.

Add or correct the following line in '/etc/ssh/sshd_config':

PermitRootLogin no

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.