2014-11-21 8:11 GMT+01:00 P J P pj.pandit@yahoo.co.in:
Sshd(8) daemon by default allows remote users to login as root.
- Is that really necessary?
- Lot of users use their systems as root, without even creating a
non-root user. Such practices need to be discouraged, not allowing remote root login could be useful in that.
Does it make sense to disable remote root login by default? If so, do we need to just report it to the maintainer or it would be treated as a feature?
IIRC, the main reason for PermitRootLogin being enabled by default was to prevent a remote server from becoming inaccessible in cases such as a network mounted /home suddenly becoming unavailable.
Regards Christian