diff --git a/src/routes/support.js b/src/routes/support.js
index 3229eb4b7..756a1dcc1 100644
--- a/src/routes/support.js
+++ b/src/routes/support.js
@@ -59,6 +59,10 @@ async function canEnableRemoteSupport(req, res, next) {
 
     if (!supportConfig.remoteSupport) return next(new HttpError(405, 'feature disabled by admin'));
 
+    const sshdConfig = safe.fs.readFileSync('/etc/ssh/sshd_config', 'utf8');
+    if (!sshdConfig) return next(new HttpError(412, 'Failed to read sshd config'));
+    if (!sshdConfig.split('\n').find(function (line) { return line.search(/^PermitRootLogin.*yes/) !== -1; })) return next(new HttpError(417, 'Set "PermitRootLogin yes" in /etc/ssh/sshd_config'));
+
     next();
 }