PermitRootLogin:
The PermitRootLogin options solely determine whether direct login as the root user via SSH to the server is permissible.
The valid arguments for this directive are: no, yes, forced-commands-only, and without-password.
NOTE:
The without-password option has been deprecated and, in newer versions of OpenSSH 7.0 and above, prohibit-password is used instead.
- PermitRootLogin without-password (or PermitRootLogin prohibit-password):
This setting permits root login exclusively through public key authentication. It’s commonly employed for shell scripts and automated tasks. - PermitRootLogin no:
Prohibits direct root logins to the server (although subsequent root login via “su –” is possible after initially logging in as a regular user). - PermitRootLogin yes:
Enables direct root logins. - PermitRootLoginforced-commands-only:
Allows public key authentication, but only if the command option has been specified. This might be beneficial for remote backups, even if all possible methods for root login aren’t permitted.
PasswordAuthentication:
The PasswordAuthentication option informs us whether users can access the server using their password or not.
The acceptable arguments are limited to “no” and “yes,” with the default setting being “yes.”
A. PasswordAuthentication yes: This enables password authentication (this option should correspond with UsePAM set to “yes“).
B. PasswordAuthentication no: This disables password authentication, permitting login solely with the public key. This setting should be complemented by ChallengeResponseAuthentication set to “no” and PubkeyAuthentication set to “yes.”
