Thanks guys for your replies. I ended up editing /etc/securetty and etc/ssh/sshd_config. I didn't want to totally disallow root logins. I just wanted to know where I had to go to limit it. I do have a question about "wheel" group permissions. Is this the only way to limit who can use the su command?