首先看一下sshd_config中关于PermitRootLogin的配置信息：

# grep PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin yes
# the setting of "PermitRootLogin without-password".

那么PermitRootLogin without-password又是什么意义呢？

PermitRootLogin 配置项都有哪些配置参数？

常见：yes，no

比较陌生：without-password，forced-commands-only，

PermitRootLogin 配置详解：

Specifies whether root can log in using ssh(1).  The argument must be “yes”,
“without-password”, “forced-commands-only”, or “no”.  The default is “yes”.
If this option is set to “without-password”, password authentication is disabled for root.
If this option is set to “forced-commands-only”, root login with public key authentication
will be allowed, but only if the command option has been specified (which may be useful for
taking remote backups even if root login is normally not allowed).  All other authentica‐
tion methods are disabled for root.
If this option is set to “no”, root is not allowed to log in.

大概意思：
PermitRootLogin如果不设置，默认是yes,也就是root可以登录
如果设置without-password 那么root可以登录，但是不允许通过密码ssh登陆
如果设置no, root不许登陆
如果设置forced-commands-only，则可以登录，但是登陆后不能进入交互，而是执行指定的命令后 自动退出，

现在就比较清楚啦