[Bug 1216] Warn via Logwatch when sshd PermitRootLogin is in effect
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Aug 10 02:48:09 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1216
Summary: Warn via Logwatch when sshd PermitRootLogin is in effect
Product: Portable OpenSSH
Version: 4.3p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: russell.don at gmail.com
I originally entered this as a Linux Fedora Core 5 bug/rfe:
Ref. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201794
I was referred "upstream", and here I am. :-)
For various reasons, allowing root acess by default is desirable.
That's fine.... I'm not asking to change the default.
It would be beneficial to bring that little gem to sysadmins' attention
by producing a periodic (daily) warning via the Logwatch report.
I would like to see something in my Logwatch report (SSHD section)
like:
Warning: root access is allowed via ssh. Ref /etc/ssh/sshd_config
Perhaps a new option in /etc/ssh/sshd_config:
PermitRootLoginWarn yes
Or, as the Fedora people suggested, perhaps a new value for the
PermitRootLogin option:
yes - allow access (default)
no - deny access
warn - implies "allow access", issue periodic (daily) warning via
logwatch mechanism.
Personally, I prefer a new option keyword, I think it is more clear.
Both options should be anabled by default, the syadmin can then make an
informed decision:
1 - turn off the warning (yes, I know, I want that)
2 - deny root logon (say what?! Thanks for telling me, I'll stop that
right now)
3 - I like seeing the warning everyday :-)
Thanks :-)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list