I'm not a member of the Ubuntu Openssh team, so I don't know the real reason, all of this is mere speculation, but...
It is consistent with the policy of making only necessary changes from Debian. It means, if root login is disabled in Ubuntu, you don't gain anything from adding a new difference from upstream, a difference that you will have to manage in every release and update.
But while root login IS effectively disabled, having "PermitRootLogon yes" prevents fail2ban from being able to impose an IP ban on the offending address, because the expected error message is not logged in auth.log. For that reason, I have changed PermitRootLogon to "no".
I'm not a member of the Ubuntu Openssh team, so I don't know the real reason, all of this is mere speculation, but...
It is consistent with the policy of making only necessary changes from Debian. It means, if root login is disabled in Ubuntu, you don't gain anything from adding a new difference from upstream, a difference that you will have to manage in every release and update.
But while root login IS effectively disabled, having "PermitRootLogon yes" prevents fail2ban from being able to impose an IP ban on the offending address, because the expected error message is not logged in auth.log. For that reason, I have changed PermitRootLogon to "no".