By default, the 'root' user is prevented from logging in directly via SSH on many modern VMware appliances, including the VMware Live Recovery appliance.

This can be validated by verifying the "/etc/ssh/sshd_config" file within the appliance. It will have "PermitRootLogin" parameter set to "no", which prevents direct log in to root via SSH.

'root' login greatly increases the risk if the root password is compromised. If an attacker gains access as root, they have immediate, unrestricted access to the entire operating system and all its configurations.

The practice of forcing an initial login as a lower-privileged user (admin or a similar management user) who then elevates privileges (su or sudo) is a standard security best practice in the Linux world.

Consider this:

1. Connect via SSH using the admin user account. This account is generally used for appliance management and may have restricted shell access.

   Now the login is tied to the admin user, providing an audit trail.

2. Next, using "su -" or "su root" command, switch the user context to root. This requires the root password.

   This step forces you to explicitly and intentionally elevate to the highest privilege level, making it harder to accidentally execute destructive commands.