
Bug#431627: marked as done (ssh: PermitRootLogin yes??)



On Tue, Jul 03, 2007 at 10:57:04PM +0000, Adam D. Barratt wrote:
> On Tue, 2007-07-03 at 17:17 -0500, Bob Tanner wrote:
> > Did a new install of lenny amd64 and I was surprised that 'PermitRootLogin yes'
> > was default setting in /etc/ssh/sshd_config. Is there a reason for this? Seems
> > insecure.
> 
> As far as I can see, it's been the default since January 2003.

July 2001, actually.

> Please see README.Debian. Specifically:
> 
>         Having PermitRootLogin set to yes means that an attacker that
>         knows the root password can ssh in directly (without having to
>         go via a user account). If you set it to no, then they must
>         compromise a normal user account. In the vast majority of
>         cases, this does not give added security
>         [...]
>         DO NOT FILE BUG REPORTS SAYING YOU THINK THIS DEFAULT IS
>         INCORRECT!
>         
>         The argument above is somewhat condensed; I have had this
>         discussion at great length with many people. If you think the
>         default is incorrect, and feel strongly enough to want to
>         argue with me about it, then send me email to
>         matthew@debian.org. I will close bug reports claiming the
>         default is incorrect.
> 
> I'm closing this report on the assumption that Colin's opinion is
> similar.

I'm of the same opinion, for much the same reasons as cited at more
length in README.Debian. Note that this is *not* a Debian change; the
upstream default is also to enable PermitRootLogin, and the change in
July 2001 was simply to revert to that.

> If not the documentation should be updated (which it probably
> should be to remove Matthew's address anyway :)

I think Matthew remains happy to argue with people about it. ;-)

-- 
Colin Watson                                       [cjwatson@debian.org]
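The README.Debian text quoted above argues about what `PermitRootLogin yes` versus `no` buys you, but in practice the first question on any host is which value sshd actually applies. The following is an added example, not code from the bug report or from the Debian openssh package: a small POSIX shell audit that resolves the effective global `PermitRootLogin` value the way sshd reads its config (comments dropped, keywords case-insensitive, `Keyword value` and `Keyword=value` both accepted, the first occurrence of a keyword wins, and directives inside a `Match` block are conditional rather than global), reports whether direct root login is disabled, and emits a copy of the file with the directive forced to `no`. A missing directive is treated as `yes`, the default the thread discusses; current OpenSSH releases default to `prohibit-password` instead, so on a modern host adjust that fallback. The sample config is constructed for the demonstration and is not from any real host.

```shell
#!/bin/sh
# Added example, not from the bug report or the Debian openssh package.
# Resolves the *effective* global PermitRootLogin setting of an sshd_config
# text following sshd's own rules: '#' comments are dropped, keywords are
# case-insensitive, "Keyword value" and "Keyword=value" are both accepted,
# the FIRST occurrence of a keyword wins (later duplicates are ignored), and
# directives inside a Match block do not change the global value. A missing
# directive is reported as "yes", the default discussed in the thread
# (assumption: adjust for releases that default to prohibit-password).

effective_permit_root_login() {
    # $1: path to an sshd_config-style file; prints the resolved value
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }       # strip comments, allow key=value
        NF == 0 { next }                         # blank line
        tolower($1) == "match" { in_match = 1; next }
        in_match { next }                        # Match-block directives are conditional, not global
        tolower($1) == "permitrootlogin" && !found { value = tolower($2); found = 1 }
        END { print (found ? value : "yes") }
    ' "$1"
}

# Returns 0 when direct root login is disabled globally, 1 otherwise.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Emits a copy of the file with the directive forced to "no": every existing
# PermitRootLogin line (global or inside a Match block) is commented out and
# one global "PermitRootLogin no" is placed at the very top, ahead of any
# Match block, so first-occurrence-wins cannot silently override it.
harden_permit_root_login() {
    printf 'PermitRootLogin no\n'
    awk '
        {
            probe = $0; sub(/#.*/, "", probe); gsub(/=/, " ", probe)
            n = split(probe, f)
            if (n > 0 && tolower(f[1]) == "permitrootlogin")
                print "# " $0 "   # disabled by harden_permit_root_login"
            else
                print
        }
    ' "$1"
}

# Constructed sample sshd_config fragment (not a real host's file):
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 22
# PermitRootLogin no          <- a comment, does not count
PermitRootLogin yes
PermitRootLogin no            # ignored: sshd keeps the first value
Match Address 10.0.0.0/8
    PermitRootLogin no        # conditional, not the global setting
EOF

echo "effective: $(effective_permit_root_login "$SAMPLE")"      # yes
if root_login_disabled "$SAMPLE"; then
    echo "direct root login: disabled"
else
    echo "direct root login: enabled"                              # this branch
fi

HARDENED=$(mktemp)
harden_permit_root_login "$SAMPLE" > "$HARDENED"
echo "after hardening: $(effective_permit_root_login "$HARDENED")"  # no
rm -f "$SAMPLE" "$HARDENED"
```

Run it against `/etc/ssh/sshd_config` by passing the path to `effective_permit_root_login`; the point of the first-occurrence and Match-block handling is that a `PermitRootLogin no` appended to the end of a file, or placed under a `Match` stanza, does not change what sshd applies globally, which `sshd -T` on the host would confirm.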