I tend to set it to "without-password" to allow a remote root entry only via RSA/DSA keys, also making sure to restrict it further with as many applicable options for "AuthorizedKeysFile" (man sshd).

This is done as a restricted remote root backdoor as well as automated network backups via dump & restore. Leaving it set to yes is just an invitation for people to brute force the root password.

--
Steve

On 26 Jun 2002, InfoEmergencias - Luis Gómez wrote:

> Hi all
>
> Messing up with sshd_config for all the privsep stuff, I've noticed that
> PermitRootLogin was set to yes in my three woody boxes. I usually
> consider this a problem (although it has been my fault - I should have
> checked and noticed this much time ago). What do you think of this?
>
> IMHO, we'd better set it to no. I always thought it was much better. Is
> there any landscape in which you may want to allow direct root login to
> your host?
>
> Regards,
>
> Luis
>
> --
> Luis Gómez Miralles
> InfoEmergencias - Technical Department
> Phone (+34) 654 24 01 34
> Fax (+34) 963 49 31 80
> [EMAIL PROTECTED]
>
> PGP Public Key available at http://www.infoemergencias.com/lgomez.asc
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>

[-] Steve Mickeler [ [EMAIL PROTECTED] ]
[|] Todays root password is brought to you by /dev/random
[+] 1024D/ACB58D4F = 0227 164B D680 9E13 9168 AE28 843F 57D7 ACB5 8D4F
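An added example, not part of the original messages: a small audit of the two settings discussed in this thread, the global PermitRootLogin value and the per-key options in root's authorized_keys file. The function names, the list of options checked and the sample inputs (addresses, command path, key blobs) are assumptions constructed for illustration.

```python
import re

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")
# Restricting options from the authorized_keys section of sshd(8), lowercased.
WANTED = ("from", "command", "no-pty", "no-port-forwarding",
          "no-agent-forwarding", "no-x11-forwarding")
QUOTED = r'"(?:\\.|[^"\\])*"'
OPTS_FIELD = re.compile(r'((?:[^\s"]|%s)+)\s' % QUOTED)  # options before the key type
ONE_OPT = re.compile(r'(?:[^,"]|%s)+' % QUOTED)          # split on unquoted commas

def effective_root_login(sshd_config):
    """Return the global PermitRootLogin value; sshd uses the first one it reads."""
    for line in sshd_config.splitlines():
        fields = re.split(r"[\s=]+", line.strip(), maxsplit=1)
        if fields[0].lower() == "match":      # per-match overrides are out of scope
            break
        if fields[0].lower() == "permitrootlogin" and len(fields) == 2:
            return fields[1].strip().lower()
    return None                               # not set: the build's default applies

def missing_restrictions(authorized_keys):
    """Map line number -> restricting options that key entry lacks."""
    report = {}
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names = set()
        m = None if line.startswith(KEY_TYPES) else OPTS_FIELD.match(line)
        if m:  # option keywords are case-insensitive, so compare lowercased
            names = {o.split("=", 1)[0].lower() for o in ONE_OPT.findall(m.group(1))}
        report[n] = [w for w in WANTED if w not in names]
    return report

# Constructed sample inputs; the key blobs are placeholders, not real keys.
SAMPLE_CONFIG = """\
Protocol 2
PermitRootLogin without-password
PermitRootLogin yes
"""
SAMPLE_KEYS = '''\
# root's authorized_keys (constructed)
from="192.0.2.10",command="/usr/local/sbin/backup-dump",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3PLACEHOLDER backup@example
ssh-rsa AAAAB3PLACEHOLDER admin@example
from="192.0.2.0/24,198.51.100.7",no-pty ssh-dss AAAAB3PLACEHOLDER ops@example
'''

if __name__ == "__main__":
    print(effective_root_login(SAMPLE_CONFIG))
    print(missing_restrictions(SAMPLE_KEYS))
```

An entry with an empty list carries every option checked; a key that needs an interactive root shell cannot carry command= or no-pty, so the report is a review list rather than a pass/fail result.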