PermitRootLogin default (was: "PermitRootLogin no" should not proceed with root login)

Christoph Anton Mitterer calestyo at scientia.net
Mon Feb 23 09:53:36 AEDT 2015


On Sun, 2015-02-22 at 22:33 +0000, Philip Hands wrote: 
> P.S. I take it that you were not trying to say that there's anything you
> object to about the proposal to use "without-password" as the default?
Yes,... the upstream default should be either without-password or simply
no, actually, for security reasons I'd even prefer the later.

In the days of fully automated installation, puppet and Co. it can't be
so hard for sysadmins to change that value to something != no when this
is what they really want.


Distros, IMHO, can overwrite the defaults (if there's really good
reason),... but only in the config files, where everyone sees this.
Really changing the defaults in code is basically in most if not all
cases plain wrong (the only exceptions I could think of is, when
upstream would really set defaults which are horribly security critical
or may cause data corruption or things like that).


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150222/05ca1339/attachment.bin>


More information about the openssh-unix-dev mailing list