Bug#522745: [security] debian/openssh-server.postinst improved sshd_config

[Jari Aalto <jari.aalto@cante.net>]

Colin Watson <cjwatson@debian.org> writes:

> On Mon, Apr 06, 2009 at 11:37:47AM +0300, Jari Aalto wrote:
>> - PermitRootLogin cha¨nge: from 'yes' to 'no'
>
> No. See README.Debian.

This wasn't obvious.

Please add at least a comment to the default conffile for people to
consult /usr/share/doc/openssh-server/README.Debian.gz why it's on in
by default

Considering README.Debian:

    ...If you set it to no, then they must compromise a normal user
    account. In the vast majority of cases, this does not give added
    security; remember that any account you su to root from is equivalent
    to root - compromising this account gives an attacker access to root
    easily.

The reasoning doesn' look sound. It would apperar that two-layer
security is better than one, because one would need to:

1) Find a user name. Not a obvious task in small sites.
2) crack user login
3) crack the root passwd from within site;
   not straight forwards, CPU limits ... watchdogs.

Instead of hammering root-login directly with botnet attacks.

>> - Add paragraph breaks between option groups
>
> Sounds like an excellent way to generate conffile resolution conflicts
> for anyone who's modified this file. Not worth it.

If there are already custom modifications, the upgrade suggests
a conflict resolution anyway, no?

Jari