On Thu, 2005-01-06 at 21:04 +0100, Alexander Dalloz wrote:
No, that would be silly. Reverting a security improvement just because
users do not RTFM?
As commented too in the bugzilla entry the change is made long ago in
the upstream OpenSSH. See the FAQ
http://www.openssh.org/faq.html#3.12
http://www.openssh.org/faq.html#3.123
> Pádraig Brady -
http://www.pixelbeat.org
Use OpenSSH properly and as documented and all is well.
I would like to see PermitRootLogin=no in the sshd_config file by
default. If I'm not mistaken, that is the default for openssh out of
the box, but the installed config (indicates anyway) that
PermitRootLogin=yes. With things like the SSH password guessing worm
running around, not allowing bad things to get in just because someones
root password is weak is not a good thing.
--
David Hollis <dhollis(a)davehollis.com>