"22.214.171.124.3. Disabling Root SSH Login
To prevent root logins via the SSH protocol, edit the SSH daemon's configuration file (/etc/ssh/sshd_config). Change the line that reads:
# PermitRootLogin yes to read as follows:
PermitRootLogin no" Kind of a wide cut if used, but it's another option if the PAM config isn't good enough. access.conf doesn't seem to be working. jdelete is able to log into more than what was originally indicated by the table.
pam_access.so has to be referenced by in /etc/pam.d/sshd. That library uses /etc/security/access.conf 
Or maybe not, becuase it's not referenced in roentgen's! Here's what looks to be the key line:
account required pam_access.so