I have updated PermitRootLogin in /etc/ssh/sshd_config to no and issued a service ssh restart (multiple times) and I can still login via SSH as root using a public key. This should be blocked correct?
I have read the ...
FYI re. a solution. Restarting the service didn't cause the new settings to take effect. Rebooting the server did. No idea why that is the case.
Initial Server Setup