diff --git a/bin/ncp/NETWORKING/SSH.sh b/bin/ncp/NETWORKING/SSH.sh
index f3d063ab0..58dfcebdb 100644
--- a/bin/ncp/NETWORKING/SSH.sh
+++ b/bin/ncp/NETWORKING/SSH.sh
@@ -11,6 +11,13 @@
 install() {
   apt-get update
   apt-get install -y --no-install-recommends openssh-server
+  if grep '^PermitRootLogin' /etc/ssh/sshd_config
+  then
+    sed -i -e 's/^PermitRootLogin.*$/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+  else
+    echo 'PermitRootLogin prohibit-password' >> /etc/ssh/sshd_config
+  fi
+  systemctl reload ssh
  }
 
 is_active()
diff --git a/ncp.sh b/ncp.sh
index 4eff4a150..8813c60cd 100644
--- a/ncp.sh
+++ b/ncp.sh
@@ -83,7 +83,6 @@ EOF
   is_docker || is_lxc || {
     chsh -s /usr/sbin/nologin "$WEBADMIN"
     passwd -l root
-    sed -i -e 's/^PermitRootLogin.*$/PermitRootLogin No/' /etc/ssh/sshd_config
   }
 
   ## NCP LAUNCHER
diff --git a/updates/1.54.0.sh b/updates/1.54.0.sh
index 5305f87a5..ffbe15a3b 100644
--- a/updates/1.54.0.sh
+++ b/updates/1.54.0.sh
@@ -7,7 +7,13 @@ if getent passwd "root" | grep -e '/usr/sbin/nologin'
 then
   chsh -s /bin/bash root
   passwd -l root
-  sed -i -e 's/^PermitRootLogin.*$/PermitRootLogin No/' /etc/ssh/sshd_config
+  if grep '^PermitRootLogin' /etc/ssh/sshd_config
+  then
+    sed -i -e 's/^PermitRootLogin.*$/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+  else
+    echo 'PermitRootLogin prohibit-password' >> /etc/ssh/sshd_config
+  fi
+  systemctl reload ssh
 fi
 echo "done."