got message from watch dog but don't know what to do

[dexcell]

hello

i got this message in my mail box

[01:21:53] ------------------------- Security advisories -------------------------
[01:22:01] Warning: root login possible. Change for your safety the 'PermitRootLogin'

what should i do to improve my safety? create a new user?

note: i am using root to login into my SSH . is this bad?

 

[lib99]

Your using root to login via SSH is not the problem. The warning is to let you know others can attempt root access via ssh. The PermitRootLogin setting can be found in your sshd_config file.

There are various ways to tackle this problem depending on your network/server architecture. One way is to not allow root log in via ssh and always use an alternate account. Another is to use firewall restrictions for limiting ssh access. If you do continue to allow root access, you should make sure to use a strong password. (Actually, it's good practice to use strong passwords for any user accounts. Particularly if the server is accessible by the public.)

The e-mail is a warning. It doesn't necessarily mean your server has been compromised. You should however consider methods for securing that will work for you. Try searching the internet for recommendations on securing ssh.