In /etc/ssh/sshd_config/, isn't it considered bad security to set and then leave PermitRootLogin yes?
It practically cuts the security surface in half, since every attacker knows that every Linux system has a 'root' account.
Wouldn't it be more prudent to, once services have been restarted (currently, around line 1318), set PermitRootLogin prohibit-password?
Interested to hear thoughts on this. I personally decided to set mine to prohibit-password.
vibecoder-fullstack-vps-quickstart/fullstack-harden.sh
Line 140 in 355ba97
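An added example, not part of the issue text or of the project's script: a POSIX shell sketch of the change proposed above, switching the global `PermitRootLogin` directive to `prohibit-password` once setup is done. The function names and the sample file are hypothetical and constructed for illustration; it assumes no `Include`d drop-in file sets the directive earlier.

```shell
# sshd uses the FIRST value it finds for a keyword, and keywords are
# case-insensitive. Lines after the first "Match" are conditional overrides.

# Print the global PermitRootLogin value of an sshd_config-style file ($1).
# Falls back to OpenSSH's built-in default when the directive is absent.
effective_root_login() {
    awk '
        { key = tolower($1) }
        key == "match"           { exit }
        key == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? "prohibit-password" : val) }
    ' "$1"
}

# Rewrite the global directive in place to prohibit-password. Later global
# duplicates are commented out; Match blocks are deliberately left untouched.
harden_root_login() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '
        function emit() { if (!done) { print "PermitRootLogin prohibit-password"; done = 1 } }
        { key = tolower($1) }
        key == "match" { emit(); in_match = 1 }   # insert before first Match if missing
        !in_match && key == "permitrootlogin" {
            if (!done) emit(); else print "#" $0
            next
        }
        { print }
        END { emit() }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"      # cat keeps owner and mode of $cfg
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample input (not taken from any real host).
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
Match Address 10.0.0.0/8
    PermitRootLogin yes
EOF
}
```

On a real host, confirm a non-root key login works first, then validate the edited file with `sshd -t` before reloading the service.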