Bug#403907: PermitRootLogin should be disabled by default

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#403907: PermitRootLogin should be disabled by default
From: Bas Wijnen <wijnen@debian.org>
Date: Wed, 20 Dec 2006 17:13:06 +0100
Message-id: <[🔎] 20061220161306.6514.27124.reportbug@neurob20.phys.rug.nl>
Reply-to: Bas Wijnen <wijnen@debian.org>, 403907@bugs.debian.org

Package: ssh
Version: 1:4.3p2-7
Severity: wishlist

After installing, /etc/ssh/sshd_config is set to allow root logins.  On 
most systems, it doesn't make sense for root to log in directly.  That 
is, a user should log in and use su or sudo.  If people really need 
direct root logins, they should change their settings.  IMO the default 
should be a secure system, and the users must knowingly open holes in 
it.  That is, if they allow root logins, they will probably set a secure 
root password as well.

Of course this is a matter of taste, which is why I marked it as 
wishlist.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)

Versions of packages ssh depends on:
ii  openssh-client                1:4.3p2-7  Secure shell client, an rlogin/rsh
ii  openssh-server                1:4.3p2-7  Secure shell server, an rshd repla

ssh recommends no packages.

-- no debconf information

Reply to:

Follow-Ups:
- Bug#403907: marked as done (PermitRootLogin should be disabled by default)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#402903: I think this is a problem in apt actually
Next by Date: Bug#403907: marked as done (PermitRootLogin should be disabled by default)
Previous by thread: Bug#402903: I think this is a problem in apt actually
Next by thread: Bug#403907: marked as done (PermitRootLogin should be disabled by default)
Index(es):
- Date
- Thread