Permit root login default should not be 'yes' #5
Comments
Well, the idea in this case is that I don't want to log someone out of his server just because he didn't read the documentation... does that make sense!?
Sure, that makes sense, but on the flip side what if a person doesn't read the docs and opens root up for password authentication and has a crappy password because I think a sensible thing to do would be to defer to whatever the default setting is, which for many(/all?) distributions is indeed 'prohibit-password'. If someone gets locked out of a box because they didn't have a public key for root and/or didn't have another user to login as then, well, that's their fault.
Sure, I guess I will change the behaviour once I do a major release some time in the future. But thanks for the feedback and for anyone else reading this, feel free to vote for the change.
without-password sounds like a good choice to me. The nice thing about a role is the role can probably check if root has any entries in authorized_keys and warn.
Yes, that could be a nice add-on.
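The check suggested in the thread (warn when root has no entries in authorized_keys before moving to key-only root login), sketched as a stand-alone shell pre-flight. This is an added example, not code from the role; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before PermitRootLogin is switched from
# 'yes' to 'prohibit-password'. Function names are hypothetical.

# Count usable entries in an authorized_keys file (skip blanks and comments).
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# First PermitRootLogin in the global section wins; stop at the first Match.
# Simplification: Include files are not followed; `sshd -T` is authoritative.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Print "warn: ..." when key-only root login would leave root with no way in.
preflight() {
    setting=$(root_login_setting "$1")
    keys=$(count_keys "$2")
    if [ "$setting" = "yes" ] && [ "$keys" -eq 0 ]; then
        echo "warn: root has no authorized_keys entries; prohibit-password would block root SSH login"
    else
        echo "ok: PermitRootLogin=$setting, root keys=$keys"
    fi
}

# Constructed sample input (not taken from the project or any real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# managed by role' 'Port 22' 'PermitRootLogin yes' > "$demo_dir/sshd_config"
printf '%s\n' '# no keys yet' '' > "$demo_dir/empty_keys"
printf '%s\n' 'ssh-ed25519 AAAAEXAMPLECONSTRUCTEDKEY root@example' > "$demo_dir/one_key"

preflight "$demo_dir/sshd_config" "$demo_dir/empty_keys"
preflight "$demo_dir/sshd_config" "$demo_dir/one_key"
```

On a real host the two arguments would be `/etc/ssh/sshd_config` and `/root/.ssh/authorized_keys`.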
Seems like the sort of thing which should always be opt-in instead of opt-out.
How about 'prohibit-password' as an alternative?