SSHD - Change default security
This only effects fresh installs.
* Allow root logins via public key only (previously: root logins not allowed
at all via ssh). I've done this for years, it allows an authorized_keys
file in ~root/.ssh to work without having to adjust /etc/ssh/sshd_config
on every install.
* Do not allow any login, root or otherwise, via tunneled plaintext password
(previously: non-root logins were allowed via plaintext password).
Often people want plaintext passwords on e.g. workstations for xdm or
console logins, but do not want to allow their use over networked
connections. Since tunneled plaintext passwords are not considered very
secure and alternatives exist (aka public key logins) we now disallow
them by default.