[Bug 1216] Warn via Logwatch when sshd PermitRootLogin is in effect

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Aug 10 02:48:09 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1216

           Summary: Warn via Logwatch when sshd PermitRootLogin is in effect
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: russell.don at gmail.com


I originally entered this as a Linux Fedora Core 5 bug/rfe:
Ref. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201794
I was referred "upstream", and here I am. :-)

For various reasons, allowing root acess by default is desirable.
That's fine.... I'm not asking to change the default. 

It would be beneficial to bring that little gem to sysadmins' attention
by producing a periodic (daily) warning via the Logwatch report.

I would like to see something in my Logwatch report (SSHD section)
like:
Warning: root access is allowed via ssh. Ref /etc/ssh/sshd_config

Perhaps a new option in /etc/ssh/sshd_config:
PermitRootLoginWarn yes

Or, as the Fedora people suggested, perhaps a new value for the
PermitRootLogin option:
   yes - allow access (default)
   no  - deny access
   warn - implies "allow access", issue periodic (daily) warning via
logwatch mechanism.

Personally, I prefer a new option keyword, I think it is more clear.

Both options should be anabled by default, the syadmin can then make an
informed decision:

1 - turn off the warning (yes, I know, I want that)
2 - deny root logon (say what?! Thanks for telling me, I'll stop that
right now)
3 - I like seeing the warning everyday :-)

Thanks :-)




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-bugs mailing list