By default the root account automatically have SSH access remotely. After installing CentOS and the SSH server, open any SSH client and attempt to sign on as root. Access will be granted.
To disable that, open SSH configuration file using the commands below.
sudo vi /etc/ssh/sshd_config
Then change the line as shown below :
#Authentication:
#LoginGranceTime 2m
PermitRootLogin no
#StrictMode yes
#MaxAuthTries 6
#MaxSessions 10
Change the highlighted line above by removing the # symbol. It should be like this:
PermitRootLogin no
Save the file and restart the SSH server by running the commands below.
sudo systemctl restart sshd.service
Now try logging in as root and you’ll be denied or access won’t be granted.
To re-enable the root account, just put the # symbol for the PermitRootLogin directive in the file and save it. The restart SSH server.
Another thing to remember is that SSH traffic blocked on the firewall by default. You won’t be able to access the SSH server remotely by default.
You must enable SSH through the firewall. To do that in CentOS 7, run the commands below.
firewall-cmd --permanent --zone=public --add-service=ssh
Then reload the firewall to connect.
firewall-cmd –reload
That’s it!
Enjoy!