Hmm. Wishlist is not the right category for a bug. Mathias, defaulting PermitRootLogin to "no" improves the layered process of 'security' for the default installation by adding another layer of protection and not relying on the hope that the root account will always remain disabled. Correcting the default setting for that directive adds an additional line of defense should the root account become activated, something which is easily done by accident, curiosity or misguided attempts at solving other problems. You can work that out for yourself.
My own recent anecdotes show that, on the Ubuntu forums and when dealing with about 150 students (from 2006-2009) whom I guided in laboratory exercises involving Ubuntu, root accounts do get activated. You can go to the page at the first link above to the people who write OpenSSH and read what they recommend: defaulting PermitRootLogin to no. Does that answer your question? See also http://wiki.centos.org/HowTos/Network/SecuringSSH#head- 9c01429983dccbf74ade8674815980dc6434d3ba https://calomel.org/openssh.html http://www.linux.com/archive/feature/119744/ -- OpenSSH server sshd_config PermitRootLogin -> NO https://bugs.launchpad.net/bugs/510732 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
