Hi, 2015-02-15 12:47:34 chrysn: > i'd like to suggest that when the upgrading question for the > "PermitRootLogin without-password" configuration option (introduced in > 1:6.6p1-1) be skipped if the setting PasswordAuthentication is set to > no. > > on systems where PasswordAuthentication is disabled, the change does not > have any effect, but costs the updater time or is even unseettling > ("wait, didn't i disable that whole thing ages ago?"). disabling > PasswordAuthentication is a frequent recommendation in the area of > securing ssh, and as an optimist i'd expect it to be set on a > significant portion of produciton servers. the check for that won't be trivial, consider another common config: PasswordAuthentication no Match Address 2001:db8::/32 PasswordAuthentication yes Regards Timo
Attachment:
signature.asc
Description: This is a digitally signed message part.