"PermitRootLogin no" should not proceed with root login

Damien Miller djm at mindrot.org
Sun Feb 22 08:02:11 AEDT 2015

On Sat, 21 Feb 2015, tot-to wrote:

> Steps to reproduce:
> 1) PermitRootLogin no in sshd_config
> 2) login with "root" user from other host
> Present behaviour:
> 1) it asks for password 3 times and only then close the connection.
> 2) cpu consumption during bruteforce "attacks".

This is intentional behaviour. The intention is to not give clues as
to which accounts may be valid for login.

> Expected behaviour:
> Immediate disconnect/login fail

If you want this, then use:

Match user root
	MaxAuthTries 0

More information about the openssh-unix-dev mailing list