Bug#271822: PermitRootLogin without-password actually does the same as PermitRootLogin yes

[Jonas Meurer <jonas@freesources.org>]

On 29/09/2004 Christian Guggenberger wrote:
> On Fri, 2004-09-24 at 16:27 +0200, Jonas Meurer wrote:
> > you _always_ have to turn on PasswordAuthentication, to still allow
> > normal users logins, that's the relevant point. the setting of
> > ChallengeResponseAuthentification doesn't matter for that issue.
> 
> well, that's not true. Even with PasswordAuthentication set no, "normal"
> users will be allowed in with their passwords via ChallengeResponse
> Authentification/PAM. In that case ChallengeResponseAuthentification
> really _does_ matter.

ok, but in this case root login without key still works.

> But, as discussed earlier, then you have to disallow root logins
> completely via ssh - the "without-password" option is not as fine
> granulated as should/could be; it does not distinguish between ssh
> rsd/dsa keys and s/keys. I think upstream is working on a finer
> granulated scheme for that option. (i don't have the related openssh
> bugID handy, sorry)

what do you mean with that? what i would like to see, is a "Permission
denied (publickey)" for root login attempts without key, and still
working non-key logins for other users.

bye
 jonas