It has been fixed upstream: http://www.openssh.com/txt/release-6.9
-- 
https://bugs.launchpad.net/bugs/510732

Title:
  OpenSSH server sshd_config PermitRootLogin -> NO

Status in openssh package in Ubuntu:
  Opinion

Bug description:
  Ubuntu does not use the root account directly so the PermitRootLogin
  directive in sshd_config should be set to "no" by default.

  This policy is backed by the upstream documentation:

  "For security reasons, it is bad practice to log in as root during
  regular use and maintenance of the system. Instead, administrators are
  encouraged to add a ``regular'' user, add said user to the ``wheel''
  group, then use the su(1) and sudo(8) commands when root privileges are
  required. This process is described in more detail later."

  From : http://www.openbsd.org/cgi-bin/man.cgi?query=afterboot

  Bruteforce attacks against the root account are now continual and have
  been for several years:

  http://arstechnica.com/security/news/2008/05/strong-passwords-no-panacea-as-ssh-brute-force-attacks-rise.ars

  If there are shortcomings in the documentation and guides for sudo or
  how to use key-based authentication, then they should be addressed
  there so that this default setting can be set properly.

  Description:    Ubuntu lucid (development branch)
  Release:        10.04

  openssh-server:
    Installed: 1:5.2p1-2ubuntu1
    Candidate: 1:5.2p1-2ubuntu1
    Version table:
   *** 1:5.2p1-2ubuntu1 0
          500 http://fi.archive.ubuntu.com lucid/main Packages
          100 /var/lib/dpkg/status
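
One way to check a host for the setting this report asks for, as an added example (not code from the bug report or from OpenSSH): it reads an sshd_config, reports the PermitRootLogin value sshd takes globally, and lists any Match block that re-enables root login. It relies on sshd using the first value it reads for a keyword; the function names and the sample file are constructed here, and Include files are not followed.

```shell
#!/bin/sh
# Added example. Keywords are case-insensitive, "Keyword value" and
# "Keyword=value" are both accepted, and the first value read wins.

# effective_root_login FILE: print the global PermitRootLogin value, or
# "unset" (the compiled-in default then applies; it depends on the version).
effective_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # drop indentation, re-split fields
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }             # global section ends at first Match
        key == "permitrootlogin" {
            val = tolower($2); gsub(/"/, "", val)
            print val; found = 1; exit      # later duplicates are ignored
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# match_overrides FILE: print "Match <criteria>: <value>" for every Match
# block that sets PermitRootLogin to anything other than "no".
match_overrides() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        { key = tolower($1) }
        key == "match" { block = $0; next }
        block != "" && key == "permitrootlogin" {
            val = tolower($2); gsub(/"/, "", val)
            if (val != "no") print block ": " val
        }
    ' "$1"
}

# audit_root_login FILE: succeed only if root login is "no" everywhere.
audit_root_login() {
    global=$(effective_root_login "$1")
    overrides=$(match_overrides "$1")
    echo "global PermitRootLogin: $global"
    [ -n "$overrides" ] && echo "override in $overrides"
    [ "$global" = "no" ] && [ -z "$overrides" ]
}

# Constructed sample: the second global line never takes effect.
sample=$(mktemp)
printf '%s\n' 'permitrootlogin prohibit-password' 'PermitRootLogin no' \
    'Match Address 192.0.2.0/24' '    PermitRootLogin yes' > "$sample"
audit_root_login "$sample" || echo "root login is still reachable over SSH"
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including compiled-in defaults, and is the authoritative cross-check for this file-level audit.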