# Don't allow empty passwords (default).
PermitEmptyPasswords no
-# Allow root-login only with public keys.
-PermitRootLogin without-password
+# Allow root-login only with public keys (default).
+PermitRootLogin prohibit-password
# Be strict when checking user file permissions (default).
StrictModes yes