If you want to give someone permission to login directly to the root login account via Secure Shell, you can define three methods of control with the PermitRootLogin configuration parameter in the sshd2_config file:

The default value yes enables root logins with any authentication method:

PermitRootLogin     yes

Use the value no to disable all logins with root privileges:

PermitRootLogin     no

With the value nopwd root logins are allowed only when an authentication method other than password is used:

PermitRootLogin     nopwd

It is also possible to create a separate subconfiguration file for root. See Defining Subconfigurations for more information.