Yes
PermitRootLogin no
prevents root from logging in.
I think I read that you were finally able to verify that.
The stop scripts aren't always perfect. They are intended to be able to stop the daemon in a fairly well-known and well-behaved state.
I've seen many "bugs" in the start/stop scripts over the years, but it's always easy to catch a problem when it actually happens rather than in the development stage;>) Processes can hang up and be unkillable, pid files (if used by the particular start/stop subsystem) can be missing or have wrong values in them -- in short, various and sundry things can go wrong.
In general, a simple /init.d/xxx start followed by a /init.d/xxx stop will almost always work.
In this case, the /init.d/secsh is doing a very meager job of really trying to kill sshd:
kill `cat $WHAT_PID`
.
So, if the PID file didn't exist, or had wrong value, it wouldn't work.
In the past these scripts usually tried to do a 'ps' to determine if the relevant daemon was running and then kill it.
Also, if the 'kill' didn't work, the stop also wouldn't be complete. IMHO, it probably should try a 'kill -9' if the plain 'kill' didn't work
hth
bv
"The lyf so short, the craft so long to lerne." - Chaucer
