Although the configuration of an SSH server is beyond the scope of this documentation, there are some helpful hints below. If root login is not required then it should not be enabled.
Adding the line below to the /etc/sshd_config file on the SSH server will allow only the specified user(s) to log in via SSH.
#Allow Users
AllowUsers admin root
Adding the line below to the /etc/sshd_config file on the SSH server will allow only the specified user(s) to log in via SSH. In addition, the root user will only be able to connect from a machine with an IP address of 192.168.1.2.
#Allow Users
AllowUsers admin root@192.168.1.2
Another possibility is to add the following to the /etc/pam.d/sshd file if you wish to restrict root logins to a specific IP address, in this case 192.168.1.2. If you use this approach, test after a restart of the system that everything is working as expected. Finally, keep in mind that managing this with PAM adds another layer of complexity to your system.
+:root:192.168.1.2
-:root:ALL
Adding the line below to the /etc/sshd_config file on the SSH server will disable password authentication.
#Disable Password Authentication
PasswordAuthentication no
Adding the line below to the /etc/sshd_config file on the SSH server will allow root logins provided authentication is not performed with a password. You should be careful with this option and test the expected behavior thoroughly. A number of other options can conflict with this directive.
#Disable Root Login
#PermitRootLogin yes
# (optional)
PermitRootLogin without-password
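The conflicts mentioned above can be checked mechanically. The Python below is an added example, not part of the original documentation: it resolves the global section of an sshd_config the way sshd does (the first value of a keyword wins, while repeated AllowUsers lines accumulate) and lists later lines that are ignored. The names resolve, root_exposure and SAMPLE are hypothetical, and the sample configuration is constructed from the snippets on this page.

```python
# Added example (not from the original page); function names are hypothetical.
# Assumes whitespace-separated "Keyword value" lines; Include files are not followed.
ACCUMULATING = {"allowusers"}  # repeated lines add patterns; other keywords keep the first value

# Constructed sample: the page's snippets placed after a stale PermitRootLogin line.
SAMPLE = """\
PermitRootLogin yes
#Allow Users
AllowUsers admin root@192.168.1.2
#Disable Password Authentication
PasswordAuthentication no
# (optional)
PermitRootLogin without-password
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

def resolve(config_text):
    """Return (effective, shadowed) for the global section of an sshd_config."""
    effective, shadowed = {}, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional Match blocks are out of scope for this check
        if keyword in ACCUMULATING:
            effective.setdefault(keyword, []).extend(value.split())
        elif keyword in effective:
            shadowed.append((lineno, keyword, value))  # ignored: first value wins
        else:
            effective[keyword] = value
    return effective, shadowed

def root_exposure(effective):
    """Summarise how root may log in under the resolved settings."""
    allow = effective.get("allowusers")
    sources = None if allow is None else [
        p.partition("@")[2] or "any" for p in allow if p.partition("@")[0] == "root"]
    return {"root_login": effective.get("permitrootlogin", "unset"),
            "password_auth": effective.get("passwordauthentication", "unset"),
            "root_sources": sources}  # None means no AllowUsers restriction at all

if __name__ == "__main__":
    eff, ignored = resolve(SAMPLE)
    print(root_exposure(eff))
    print("ignored (an earlier value wins):", ignored)
```

In the sample, the stale first line keeps root login at "yes" and the later without-password line has no effect. On a live server, sshd -T prints the effective configuration as sshd itself parses it.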