Hi,
2015-02-15 12:47:34 chrysn:
> i'd like to suggest that when the upgrading question for the
> "PermitRootLogin without-password" configuration option (introduced in
> 1:6.6p1-1) be skipped if the setting PasswordAuthentication is set to
> no.
>
> on systems where PasswordAuthentication is disabled, the change does not
> have any effect, but costs the updater time or is even unseettling
> ("wait, didn't i disable that whole thing ages ago?"). disabling
> PasswordAuthentication is a frequent recommendation in the area of
> securing ssh, and as an optimist i'd expect it to be set on a
> significant portion of produciton servers.
the check for that won't be trivial, consider another common config:
PasswordAuthentication no
Match Address 2001:db8::/32
PasswordAuthentication yes
Regards
TimoAttachment:
signature.asc
Description: This is a digitally signed message part.