The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the
following actions should the administrator take?
Create a firewall rule to block SSH
Delete the root account
Disable remote root logins
Ensure the root account has a strong password
Remote users log in to Unix or Linux servers by using SSH. Although SSH is secure, allowing remote access
as root is a security risk.
One of the biggest security holes you could open on a Unix or Linux server is to allow directly logging in as root
through SSH, because any cracker can attempt to brute force your root password and potentially get access to
your system if they can figure out your password.
It’s much better to have a separate account that you regularly use and simply sudo to root when necessary.
You should disable root ssh access by editing /etc/ssh/sshd_config to contain: