Bug#403907: PermitRootLogin should be disabled by default
Package: ssh
Version: 1:4.3p2-7
Severity: wishlist
After installing, /etc/ssh/sshd_config is set to allow root logins. On
most systems, it doesn't make sense for root to log in directly. That
is, a user should log in and use su or sudo. If people really need
direct root logins, they should change their settings. IMO the default
should be a secure system, and the users must knowingly open holes in
it. That is, if they allow root logins, they will probably set a secure
root password as well.
Of course this is a matter of taste, which is why I marked it as
wishlist.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Versions of packages ssh depends on:
ii openssh-client 1:4.3p2-7 Secure shell client, an rlogin/rsh
ii openssh-server 1:4.3p2-7 Secure shell server, an rshd repla
ssh recommends no packages.
-- no debconf information
Reply to: