Re: Review for "PermitRootLogin without-password" change

To: debian-ssh@lists.debian.org
Subject: Re: Review for "PermitRootLogin without-password" change
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 21 Mar 2014 16:13:49 +0000
Message-id: <[🔎] 20140321161349.GA11788@riva.ucam.org>
Mail-followup-to: debian-ssh@lists.debian.org
In-reply-to: <[🔎] m3k3bol7am.fsf@carbon.jhcloos.org>
References: <[🔎] 20140320014833.GC32733@riva.ucam.org> <[🔎] m3k3bol7am.fsf@carbon.jhcloos.org>

On Thu, Mar 20, 2014 at 08:32:56PM -0400, James Cloos wrote:
> I am in favour of the change fo new installs, and of asking to do it on
> upgrades.
> 
> But please be sure to announce the change widely.
> 
> It is *very* common in the vps world for new virtuals to come with the
> expectation that the users must login the first time as root with a
> password.
> 
> The companies doing that will need to know that they either have to
> start asking for an ssh public key when a customer purchases a new vps
> or change their template to bypass debian's new default.
> 
> (I presume most of us will prefer the former, but I'm not holding my breath.)

Thanks for this feedback.  Do you have any suggestions for where we
might publicise this in an effective way?

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Re: Review for "PermitRootLogin without-password" change
  - From: Russ Allbery <rra@debian.org>

References:
- Review for "PermitRootLogin without-password" change
  - From: Colin Watson <cjwatson@debian.org>
- Re: Review for "PermitRootLogin without-password" change
  - From: James Cloos <cloos@jhcloos.com>

Prev by Date: Re: Review for "PermitRootLogin without-password" change
Next by Date: Re: Review for "PermitRootLogin without-password" change
Previous by thread: Re: Review for "PermitRootLogin without-password" change
Next by thread: Re: Review for "PermitRootLogin without-password" change
Index(es):
- Date
- Thread