Incidentally, my reasoning for "true by default" in the package is basically the bootstrapping problem; I don't want this to be a nasty surprise for people with existing deployment strategies. Changing PermitRootLogin was controversy enough. But I don't mind what the setting of this on server images is.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576353 Title: Install openssh-server with disabled password auth by default on servers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-cdimage/+bug/1576353/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs