Re: "PermitRootLogin no" should not proceed with root login

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sat, 21 Feb 2015, tot-to wrote:

> Steps to reproduce:
> 1) PermitRootLogin no in sshd_config
> 2) login with "root" user from other host
> 
> Present behaviour:
> 1) it asks for password 3 times and only then close the connection.
> 2) cpu consumption during bruteforce "attacks".

This is intentional behaviour. The intention is to not give clues as
to which accounts may be valid for login.

> Expected behaviour:
> Immediate disconnect/login fail

If you want this, then use:

Match user root
	MaxAuthTries 0
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux