I've played around with sshd_config, and yes, I've already restricted root logins
Concerning pam... I've fiddled with pam, but not much. In this instance, however, I haven't touched anything. It's using the default authentication that comes with SLES/openSUSE.
My passwd file in /etc/pam.d contains the following:
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session include common-session