Re: PermitRootLogin default (was: "PermitRootLogin no" should not proceed with root login)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sun, 2015-02-22 at 22:33 +0000, Philip Hands wrote: 
> P.S. I take it that you were not trying to say that there's anything you
> object to about the proposal to use "without-password" as the default?
Yes,... the upstream default should be either without-password or simply
no, actually, for security reasons I'd even prefer the later.

In the days of fully automated installation, puppet and Co. it can't be
so hard for sysadmins to change that value to something != no when this
is what they really want.


Distros, IMHO, can overwrite the defaults (if there's really good
reason),... but only in the config files, where everyone sees this.
Really changing the defaults in code is basically in most if not all
cases plain wrong (the only exceptions I could think of is, when
upstream would really set defaults which are horribly security critical
or may cause data corruption or things like that).


Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux