tot-to <tot-to@xxxxxxxxxx> writes: ... > I aclually have a related question about the reasoning: > Why "PermitRootLogin no" is not a default option? "without-password" is the right default IMO, as suggested some time ago: https://bugzilla.mindrot.org/show_bug.cgi?id=2164 (and considerably earlier in Debian circles ;-) ) I'm glad to say that the default for the Debian package has finally switched to "without-pasword" for new installs in our upcoming release. I'd suggest it is pretty irresponsible allowing the default to remain as "yes" here upstream, especially given how popular brute-force attacks are these days. Given that nobody came up with any argument to maintain "Yes" as the default in response to that bug it seems a bit of a shame that inertia is apparently the controlling factor here. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
