> Future Deprecation Notice > ========================= > > The 7.0 release of OpenSSH, due for release in late July, will > deprecate several features, some of which may affect compatibility > or existing configurations. The intended changes are as follows: > > * The default for the sshd_config(5) PermitRootLogin option will > change from "yes" to "no". Uh, wouldn't "without-password" be a better alternative than "no"? Getting the *first* authorized key on would still be "hard" (as in "ssh user@...", "su"|"sudo", "mkdir -m 0700 .ssh", "cat > .ssh/auth.."), but at least *further* keys could be done via "ssh-copy-id". I don't have any statistics handy, but I believe that public-key root authentication is widely used. (And sometimes needed - especially when something goes wrong, needing to authenticate as a normal user is one more thing that can go wrong - think NIS or LDAP failures, etc.) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev