|
|
|
|
|
|
by michaelmior
4425 days ago
|
|
|
I'm not really on one side of the argument or the other, but disabling root login means that an attacker doesn't automatically know the name of an account where login is permitted for one. Certainly not the best security mechanism, but if there happened to be some 0-day on the SSH server, you're much more likely to be safe from automated attacks. |
|
|
Though direct remote code execution is probably much, much more likely than authentication bypass.