On Thu, 2005-01-06 at 21:04 +0100, Alexander Dalloz wrote: > > No, that would be silly. Reverting a security improvement just because > users do not RTFM? > > As commented too in the bugzilla entry the change is made long ago in > the upstream OpenSSH. See the FAQ > > http://www.openssh.org/faq.html#3.12 > http://www.openssh.org/faq.html#3.123 > > > PÃdraig Brady - http://www.pixelbeat.org > > Use OpenSSH properly and as documented and all is well. > I would like to see PermitRootLogin=no in the sshd_config file by default. If I'm not mistaken, that is the default for openssh out of the box, but the installed config (indicates anyway) that PermitRootLogin=yes. With things like the SSH password guessing worm running around, not allowing bad things to get in just because someones root password is weak is not a good thing. -- David Hollis <dhollis@xxxxxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part
