[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#403907: PermitRootLogin should be disabled by default

Package: ssh
Version: 1:4.3p2-7
Severity: wishlist

After installing, /etc/ssh/sshd_config is set to allow root logins.  On 
most systems, it doesn't make sense for root to log in directly.  That 
is, a user should log in and use su or sudo.  If people really need 
direct root logins, they should change their settings.  IMO the default 
should be a secure system, and the users must knowingly open holes in 
it.  That is, if they allow root logins, they will probably set a secure 
root password as well.

Of course this is a matter of taste, which is why I marked it as 

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)

Versions of packages ssh depends on:
ii  openssh-client                1:4.3p2-7  Secure shell client, an rlogin/rsh
ii  openssh-server                1:4.3p2-7  Secure shell server, an rshd repla

ssh recommends no packages.

-- no debconf information

Reply to: