Subject: Re: sshd Change: PermitRootLogin = no
To: Brian Hechinger <wonko@arkham.ws>
From: None <itojun@iijlab.net>
List: current-users
Date: 09/01/2001 07:39:25
>> 	I vote for whatever behavior compatible with stock OpenSSH, by default.
>> 	I don't think it wise to surprise people.
>i'd agree if it weren't for the fact that i don't agree with stock OpenSSH (which
>is to set it to yes.  am i correct?)  i'd rather surprise people if it means there
>is even the remotest chance of making things more secure.  would you rather be
>grumpy because you have to reconfig ssh or pissed off because your system was
>compromised.  i'm not saying that it will happen, just that it can.  and that's
>good enough for me.

	do you really want to change the DEFAULT behavior, or are you happy with
	changing sshd.conf locally?  i don't see your point.  if you believe
	secure shell protocol is secure enough, it should be okay to set
	PermitRootLogin to yes.  if there's any buffer overrun or other
	vulnerability, root privilege will get compromised anyways regardless
	of PermitRootLogin.  what kind of middle ground are you aiming for?

itojun