So, it’s not a good practice to allow direct root login via SSH session and recommend to create non root accounts with sudo access. Whenever root access needed, first logged in as normal user and then use su to switch over to root user. To disable direct SSH root logins, follow our below article that shows how to disable and limit root login in SSH.

Disable SSH Root Login and Limit SSH Access
However, this guide shows a simple way to know when someone logged in as root or normal user it should send an email alert notification to the specified email address along with the IP address of last login. //

 echo 'ALERT - Root Shell Access (server) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" name@example.com