passwd -l root
In gutsy the above would simply lock the account by placing an ! in front of the passwd in your /etc/shadow file.
In hardy it now also sets the account as expired. Meaning you can’t ssh to it even if you have SSH keys in place.
Time to go and rebuild my EC2 AMI.
Update: To get the old behavour back you can do the following
passwd -l root usermod -e "" root