PermitRootLogin default (was: "PermitRootLogin no" should not proceed with root login)

Philip Hands phil at
Sun Feb 22 10:36:10 AEDT 2015

tot-to <tot-to at> writes:

> I aclually have a related question about the reasoning:
> Why "PermitRootLogin no" is not a default option?

"without-password" is the right default IMO, as suggested some time ago:

(and considerably earlier in Debian circles ;-) )

I'm glad to say that the default for the Debian package has finally
switched to "without-pasword" for new installs in our upcoming release.

I'd suggest it is pretty irresponsible allowing the default to remain as
"yes" here upstream, especially given how popular brute-force attacks
are these days.

Given that nobody came up with any argument to maintain "Yes" as the
default in response to that bug it seems a bit of a shame that inertia
is apparently the controlling factor here.

Cheers, Phil.
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list