Bug#726661: Does not permit login as root from version 1:6.2p2-6
On Sat, 2014 Sep 27 15:40+0200, Thijs Kinkhorst wrote:
>
> So am I right to conclude that this bug actually concerns the change
> that changes PermitRootLogin to without-password?
I believe that's the real issue, yes.
> I think changing this default makes sense from a security perspective
> as it provides the best compromise between securing a default install
> versus the desire to log in as root directly.
I won't argue that, but I don't see anything in openssh-server's package
scripts addressing the case of a system with a root user + password but
no regular user (i.e. root is the only login available). That's a valid
outcome of debian-installer, and a typical scenario for me when creating
a Linux VM image, and is how I ended up posting here.
> However, I recognise that there are people that are using password-
> based root login who may be surprised by this change. The proper
> solution therefore may be to add a NEWS.Debian entry so everyone is
> informed about this change, and a release notes item at that. If those
> are added, this bug could be closed.
Is there anything that can be done about the unhelpful auth.log
messages? Package documentation is good, and the permit-root-login
debconf question also helps there, but a user who is trying to diagnose
the issue via syslog could use better hints as to what's going on.
Reply to: