Ploi automatically configures your servers SSH daemon with PermitRootLogin prohibit-password which is excellent. However nothing is stopping the user from changing this back for whatever reason. It might be a good new insight that checks what the value is and prompts to revert it to the secure version.
