Skip to content

PermitRootLogin left open #6

New issue
New issue
Open
Open
PermitRootLogin left open#6
@cryptopatrick

Description

@cryptopatrick
cryptopatrick
opened on Aug 13, 2025

vibecoder-fullstack-vps-quickstart/fullstack-harden.sh

Line 140 in 355ba97

PermitRootLogin yes

In /etc/ssh/sshd_config/ isn't it considered bad security to set and then leave PermitRootLogin yes?
It practically cuts the security surface in half, since every attacker knows that every Linux system has a 'root' account.

Wouldn't it be more prudent to, once services have been restarted (currently, around line 1318), set PermitRootLogin prohibit-password?

Interested to hear thoughts on this. I personally decided to set mine to prohibit-password.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions