> 	do you really want to change the DEFAULT behavior, or do you happy with
> 	changing sshd.conf locally?  i don't see your point.  if you believe
> 	secure shell protocol is secure enough, it should be okay to set
> 	PermitRootLogin to yes.  if there's any buffer overrun or other
> 	vulnerability, root privilege will get compromized anyways regardless
> 	from PermitRootLogin.  what kind of middle ground are you aiming for?

the middle ground of extreme caution.  you see, for me, it would mean that i
*don't* have to edit sshd.conf since i turn root login off on all my machines.

given a choice, i'll err in favor of caution every time.

-brian