System wide open to sudo abuse but a safe method of remote connection and file transfer is blocked by default.. I just gotta shake my head at Canonical's decisions sometimes.

Do you remember if it was just a firewall thing or did they actually disable login in the SSH config?