+1 b. On 21 July 2015 at 16:57, Matthew Vernon <matthew@xxxxxxxxxx> wrote: > Philipp Marek <philipp.marek@xxxxxxxxxx> writes: > > > > Future Deprecation Notice > > > ========================= > > > > > > The 7.0 release of OpenSSH, due for release in late July, will > > > deprecate several features, some of which may affect compatibility > > > or existing configurations. The intended changes are as follows: > > > > > > * The default for the sshd_config(5) PermitRootLogin option will > > > change from "yes" to "no". > > Uh, wouldn't "without-password" be a better alternative than "no"? > > I agree (quite strongly) - it's not like an admin is going to > accidentally set up an authorized_keys file for root. PermitRootLogin > without-password seems the correct default - it stops password-attacks > on root and makes it easy for admins to set up key-based access. > > Regards, > > Matthew > > -- > "At least you know where you are with Microsoft." > "True. I just wish I'd brought a paddle." > http://www.debian.org > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev