Disabling direct root logins prevents someone who knows that every Linux server has a "root" user but doesn't know any usernames on your system from guessing the password and logging in as root. There is a catch - if you disable root login immediately, you will not be able to administer your server from SSH as root.
This How-To document tells you what you'll need to do to ensure that you can access SSH and promote your wheel user to the root user.
The easiest way to create a user is to create an additional cPanel user. If you choose this method, it will count towards your total cPanel users for licensing purposes, so you cannot use this method on a cPanel Solo server. You can also create a system (Linux) user with the adduser command.
Once you have a username, you can go to WHM » Manage wheel group users and move the user you've just created into the wheel group. This step allows the user access to the sudo and su commands.
It is crucial that you test access at this point in the process. Ensure that the user you created can log in via ssh and use the command
sudo su (and their password) or just
su (and the root password) to gain root privileges. You can tell that the user has root privileges if the command
whoami returns "root". If neither
sudo su nor
su works, do not proceed because you will lock yourself (and us) out. If you cannot continue because you cannot gain root access with the wheel user, please see the help article for "How to create sudo users".
Only after you've ensured that you can log into the server and gain root access with the wheel user you created, you'll want to prevent root from logging-in directly. You'll do that by editing the file at /etc/sshd_conf. The only value you wish to change at this time is PermitRootLogin, which you want to set to "no". I do suggest making the other changes proposed in that documentation, but I recommend making the changes one at a time. That way, if something goes wrong, you know which change has caused the problem.
Once you've edited /etc/sshd_conf, you'll need to restart SSH, which will disconnect your current session. This is why it is important that you made sure you could log in previously. Test one more time, and then you're good to proceed with any other changes you wish to make to harden your SSH configuration.