SSH default PermitRootLogin setting (was: Security of using sudo rather than su?)
Paul Sladen
ubuntu at paul.sladen.org
Sun Sep 17 18:14:41 UTC 2006
On Sun, 17 Sep 2006, Alexander Skwar wrote:
> > PermitRootLogin yes ## << My emphasis
> Interesting. Why do they enable default settings?

There's a whole thread about the 'PermitRootLogin' setting from 2003:

http://www.chiark.greenend.org.uk/pipermail/debian-uk/2003-July/009329.html

The simple answer is that nobody could agree on what the setting should be
in Debian, so the choice was to go with upstream, letting the intention of
the original authors make that choice instead.

The original authors of OpenSSH, namely OpenBSD, choose to ship the default
configuration with "PermitRootLogin yes". So that is what it is set to.

My own personal belief is that I would /prefer/ the default setting to be
"PermitRootLogin without-password", meaning that /only/ root logins using a
pair of cryptographic keys will work out of the box. These logins would
have to be configured by an administrator beforehand by sharing the
necessary SSH keys.

However, I'm not the 'openssh' Debian maintainer, so I can't make a change
directly. If you would like Ubuntu to override the default configuration,
then the best course of action is to start by filing a bug-report, stating
that you believe that the default setting should be altered:

https://launchpad.net/distros/ubuntu/+source/openssh/+filebug

-Paul
--
High on a tall bridge, surrounded by noisy lorries. Southampton, GB
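
An added illustration, not part of Paul's message or of OpenSSH: a small Python check that reports which PermitRootLogin value an sshd_config file actually yields, relying on sshd keeping the first value it reads for a keyword and treating Match blocks as separate contexts. The sample config, the function names and the 192.0.2.0/24 address are constructed for the example, and the "yes" fallback is the default described in the message above.

```python
import re

# Constructed sample config, not taken from any real host.
SAMPLE = """\
# sshd_config (constructed)
Port 22
PermitRootLogin without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

# keyword, then whitespace or a single '=', then a non-empty argument
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(\S.*)")
# "prohibit-password" is the newer spelling of "without-password".
POSTURE = {"yes": "password-allowed", "without-password": "no-password",
           "prohibit-password": "no-password",
           "forced-commands-only": "forced-commands-only", "no": "disabled"}

def permit_root_login(config_text, default="yes"):
    """Return (global_value, [(match_criteria, value), ...]).

    sshd uses the first value it reads for a keyword, so a later duplicate
    never takes effect. Lines after a Match keyword apply only to matching
    connections and are reported separately. `default` is the "yes" default
    described in the message; pass another value for other builds.
    """
    global_value, overrides, match = None, [], None
    for raw in config_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m or m.group(1).startswith("#"):
            continue  # blank line, comment, or keyword without an argument
        keyword, arg = m.group(1).lower(), m.group(2)
        if keyword == "match":
            match = arg
        elif keyword == "permitrootlogin":
            # first token only, lower-cased for comparison
            value = arg.split()[0].strip('"').lower()
            if match is not None:
                overrides.append((match, value))
            elif global_value is None:
                global_value = value
    return global_value or default, overrides

def audit(config_text):
    """List every context in which root can authenticate with a password."""
    value, overrides = permit_root_login(config_text)
    contexts = [("global", value)] + [("Match " + c, v) for c, v in overrides]
    return [ctx for ctx, v in contexts if POSTURE.get(v) == "password-allowed"]
```

On the sample, the second global line is ignored because the first one wins, but the Match block still re-enables password logins for root from that address range.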