From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130

Description of problem:
The default sshd_config file included in the package allows the root user to log
in ("PermitRootLogin" is not "no").



Version-Release number of selected component (if applicable):
openssh-server-3.5p1-6

How reproducible:
Always

Steps to Reproduce:
1. Attempt to ssh in as root to a machine with a default sshd install

    

Actual Results:  The login is accepted.

Expected Results:  The login should have been denied.

Additional info:

This appears to also have been the case with various versions of Red Hat in the
past.

It can be debated whether this actually a bug or not, but for a product that's
supposedly secure out of the box, a root ssh login really should be disabled by
default.