
Bug#852781: openssh-server: Wrong default for setting PermitRootLogin (yes instead of prohibit-password) in clean install



On Fri, Jan 27, 2017 at 10:34:29AM +0100, lopiuh wrote:
> as discussed in https://lists.debian.org/debian-ssh/2017/01/msg00059.html
> PermitRootLogin gets wrong default in /etc/ssh/sshd_config
> 
>    * What led up to the situation?
> Clean installation, no old config file (/etc/ssh/sshd_config) present
>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?
> nothing special
>    * What was the outcome of this action?
> [...]
> #LoginGraceTime 2m
> PermitRootLogin yes
> #StrictModes yes
> #MaxAuthTries 6
> #MaxSessions 10
> [...]
>    * What outcome did you expect instead?
> [...]
> #LoginGraceTime 2m
> PermitRootLogin prohibit-password
> #StrictModes yes
> #MaxAuthTries 6
> #MaxSessions 10
> [...]

Thanks; fixed in this commit:

  https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=eec09be133d0f8d4a17b5331c897f4cba3811dde

I'm not going to attempt to repair this on upgrades from systems that
were freshly installed with 1:7.4p1-1 or newer; there are probably
relatively few of those, and I doubt that I can do it without some
collateral damage of some kind.  You can put the intended default for
that line ("#PermitRootLogin prohibit-password") in place and it will be
preserved appropriately.

-- 
Colin Watson                                       [cjwatson@debian.org]
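
Added example, not part of the original message or of the openssh package: a shell check for the condition reported above and the manual repair described in the reply. The function names and the sample file are constructed for illustration. The rewrite cannot tell a deliberate "PermitRootLogin yes" from the mis-set default, so review its output before installing it.

```shell
#!/bin/sh
# Added example, not part of the openssh package.
# Assumes the whitespace-separated "Keyword value" form used in Debian's file.

# Print the first uncommented global PermitRootLogin value (sshd keeps the
# first value it reads for a keyword). Lines inside Match blocks are ignored.
# "unset" means sshd's built-in default applies (prohibit-password since 7.0).
root_login_setting() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Write a copy of the file to stdout with a leading global
# "PermitRootLogin yes" replaced by the commented default from the reply.
fix_root_login() {
    awk '
        tolower($1) == "match" { in_match = 1 }
        !in_match && !seen && tolower($1) == "permitrootlogin" {
            seen = 1
            if (tolower($2) == "yes") { print "#PermitRootLogin prohibit-password"; next }
        }
        { print }
    ' "$1"
}

# Constructed sample reproducing the excerpt quoted in the bug report.
sample=$(mktemp)
printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin yes' '#StrictModes yes' \
    '#MaxAuthTries 6' '#MaxSessions 10' > "$sample"
echo "before: $(root_login_setting "$sample")"
fix_root_login "$sample" > "$sample.fixed"
echo "after:  $(root_login_setting "$sample.fixed")"
```

On a live host, `sshd -T | grep -i permitrootlogin` shows the value the daemon actually uses.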