$ grep PermitRootLogin /etc/ssh/sshd_config

#PermitRootLogin yes

PermitRootLogin forced-commands-only

# the setting of "PermitRootLogin without-password".

如果设置without-password 那么root可以登录，但是不允许通过密码ssh登陆

如果设置forced-commands-only，则可以登录，但是登陆后不能进入交互，而是执行指定的命令后 自动退出，指定的命令在authorized_keys里面列出例如/bin/date

 PermitRootLogin

             Specifies whether root can log in using ssh(1).  The argument must be “yes”,

             “without-password”, “forced-commands-only”, or “no”.  The default is “yes”.

             If this option is set to “without-password”, password authentication is disabled for root.

             If this option is set to “forced-commands-only”, root login with public key authentication

             will be allowed, but only if the command option has been specified (which may be useful for

             taking remote backups even if root login is normally not allowed).  All other authentica‐

             tion methods are disabled for root.

             If this option is set to “no”, root is not allowed to log in.

How to configure sshd to allow root to run a command on a remote server without logging in

https://www.novell.com/support/kb/doc.php?id=7007565

Linux SSH配置和禁止Root远程登陆设置

http://tzsky.blog.51cto.com/1062094/258680

Linux 修改SSH端口 和 禁止Root远程登陆

http://blog.csdn.net/tianlesoftware/article/details/6201898