[CentOS] Using "root" Type User Via Forwarding-SSH-Tunnel Inside Non-Root SSH Connection

Thu Apr 4 17:22:59 UTC 2013
Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr>

Bry8 Star wrote:
> Hi,
> QUESTION:
> what implications are there when using the "root" or a root type of
> account via a port-forwarding ssh-tunnel inside (or on top of)
> another non-root type of user's ssh-tunnel ?
>
> Does such a double layer of encryption bring more security, or is the
> system still as vulnerable as with a single layer of SSH encryption?
>
<snip>
>
> QUESTION:
> what is/are better practice(s) (to secure CentOS server related to
> SSH) ?
>
> QUESTION/Possible-SOLUTION:
> Should I remove the "root@127.0.0.1" from "AllowUsers" and add
> "PermitRootLogin no" line in /etc/sshd_config file ?

Your current setup is a bit complex. I can't comment on whether it gains
you anything compared to a direct ssh connection as whatever user you need
to be (not root), and relying on sudo to elevate your admin user's
privileges.
But yes, I would recommend disabling root login, and using only keys if
you can (i.e. disabling passwords).
This could be a useful read:
http://wiki.centos.org/HowTos/Network/SecuringSSH
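
Added example, not part of the original thread or of the CentOS wiki: a small Python check that reads the global section of an sshd_config and reports anything that contradicts the advice above (root login disabled, passwords disabled, no root entry in AllowUsers). The sample configurations, the account name "admin" and the assumed defaults are constructed for illustration; Match blocks are not evaluated.

```python
import fnmatch

# Assumption: when a keyword is absent, treat it as "yes" (the behaviour of
# the older OpenSSH releases of that era for both settings).
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

# Constructed samples; "admin" is a hypothetical account name.
BEFORE = "AllowUsers admin root@127.0.0.1\nPermitRootLogin yes\nPermitRootLogin no\n"
AFTER = "AllowUsers admin\nPermitRootLogin no\nPasswordAuthentication no\n"

def parse_global(text):
    """Return (settings, allow_users) for the global part of an sshd_config.

    Keywords are case-insensitive and sshd keeps the first value it reads;
    AllowUsers lines accumulate. Parsing stops at the first Match block.
    """
    settings, allow_users = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key=value" is also legal
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        if key == "allowusers":
            allow_users.extend(args)
        elif args:
            settings.setdefault(key, args[0].lower())  # first occurrence wins
    return settings, allow_users

def audit(text):
    """List findings against: no root login, key-only authentication."""
    settings, allow_users = parse_global(text)
    findings = []
    for key, default in DEFAULTS.items():
        value = settings.get(key, default)
        if value != "no":
            findings.append("%s is %r, expected 'no'" % (key, value))
    for pat in allow_users:
        # AllowUsers entries are USER or USER@HOST patterns (* and ? wildcards)
        if fnmatch.fnmatchcase("root", pat.split("@", 1)[0]):
            findings.append("AllowUsers entry %r admits root" % pat)
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "no findings")
```

In BEFORE the later "PermitRootLogin no" has no effect because the first value wins, which is why a duplicate keyword further down the file is worth checking for after editing.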