You can deny SSH login with the accounts with administrator privileges. In such cases, if you must carry out any privileged actions in your SSH session, you'll have to use runas. If you do, a duplicate of the general public crucial is saved as part of your ~/.ssh/known_hosts file so https://augustnswae.webbuzzfeed.com/30437108/the-single-best-strategy-to-use-for-servicessh