[Bug 2061] Request for PermitRootLogin to be enforced prior to credential check

bugzilla-daemon at mindrot.org
Wed Jun 5 11:09:57 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2061

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
In general we try to leak as little information as possible to a
potential attacker, and this would give them an early warning that
they'll be denied by policy.  (Strictly by that policy sshd wouldn't
tell you why it's not permitting the login at all, so in theory we
should be removing the ROOT LOGIN REFUSED message entirely.)

Sorry, but if anything we'll be making it less obvious rather than
more.
