Bug#271822: PermitRootLogin without-password actually does the same as PermitRootLogin yes
On 29/09/2004 Christian Guggenberger wrote:
> On Fri, 2004-09-24 at 16:27 +0200, Jonas Meurer wrote:
> > you _always_ have to turn on PasswordAuthentication, to still allow
> > normal users logins, that's the relevant point. the setting of
> > ChallengeResponseAuthentification doesn't matter for that issue.
>
> well, that's not true. Even with PasswordAuthentication set no, "normal"
> users will be allowed in with their passwords via ChallengeResponse
> Authentification/PAM. In that case ChallengeResponseAuthentification
> really _does_ matter.
ok, but in this case root login without key still works.
> But, as discussed earlier, then you have to disallow root logins
> completely via ssh - the "without-password" option is not as fine
> granulated as should/could be; it does not distinguish between ssh
> rsd/dsa keys and s/keys. I think upstream is working on a finer
> granulated scheme for that option. (i don't have the related openssh
> bugID handy, sorry)
what do you mean with that? what i would like to see, is a "Permission
denied (publickey)" for root login attempts without key, and still
working non-key logins for other users.
bye
jonas
Reply to: