Bug#462446: marked as done (openssh-server: PermitRootLogin option set to yes)
Your message dated Thu, 24 Jan 2008 23:36:39 +0000
with message-id <1201217799.29677.10.camel@kaa.jungle.aubergine.my-net-space.net>
and subject line Bug#462446: openssh-server: PermitRootLogin option set to yes
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: openssh-server
Version: 1:4.7p1-2
Severity: critical
Tags: security
Justification: root security hole
Value of 'PermitRootLogin' option is set to 'yes' by 'postinst' script.
See 'postinst' script line 265.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.105 add and remove users and groups
ii debconf [debconf-2.0] 1.5.17 Debian configuration management sy
ii dpkg 1.14.7 package maintenance system for Deb
ii libc6 2.7-6 GNU C Library: Shared libraries
ii libcomerr2 1.40.3-1 common error description library
ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii libpam-modules 0.99.7.1-5 Pluggable Authentication Modules f
ii libpam-runtime 0.99.7.1-5 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l
ii libselinux1 2.0.15-2+b1 SELinux shared libraries
ii libssl0.9.8 0.9.8g-4 SSL shared libraries
ii libwrap0 7.6.dbs-14 Wietse Venema's TCP wrappers libra
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii openssh-client 1:4.7p1-2 secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime
openssh-server recommends no packages.
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Hi,
On Thu, 2008-01-24 at 23:19 +0000, Stephen Gran wrote:
> This one time, at band camp, Nico Golde said:
[...]
> > This bug can be closed as this is documented behaviour with
> > an explanation in README.Debian since a long time.
>
> That's fine - I am not involved in the maintaining of openssh, so I
> don't like to close bugs in other people's packages without giving them
> a chance to weigh in. I agree with you, fwiw.
Last time the question of PermitRootLogin came up (about six months
ago), Colin confirmed that he agreed with the comments in README.Debian
- see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431627#15.
As mentioned in the message referenced above, this is also the upstream
default.
The relevant section of README.Debian ends:
    DO NOT FILE BUG REPORTS SAYING YOU THINK THIS DEFAULT IS
    INCORRECT!

    The argument above is somewhat condensed; I have had this
    discussion at great length with many people. If you think the
    default is incorrect, and feel strongly enough to want to argue
    about it, then send email to debian-ssh@lists.debian.org. I will
    close bug reports claiming the default is incorrect.

I'm therefore closing the bug with this message.
Regards,
Adam
--- End Message ---