Currently in the configuration mode we can set an option to allow ssh access for the root account. This should not even be an option, since we don't have a password for the root user, and traditional users should not be aware of this option.
Service {
ssh { allow-root }
}