On Fri, 2017-01-27 at 10:34 +0100, lopiuh wrote:
> * What outcome did you expect instead?
> [...]
> #LoginGraceTime 2m
> PermitRootLogin prohibit-password
> #StrictModes yes
> #MaxAuthTries 6
> #MaxSessions 10
> [...]

No, the outcome shouldn't be that, it should be left just at default (which is already prohibit-password) and not set explicitly.

Debian's SSH already mangles around with too many security-relevant options for no good or little good reasons (see several of my bug reports on these). It's not that I'd generally condemn deviation from upstream defaults, but there should be really strong grounds for doing so.

Setting this explicitly causes just further pain later if that value should ever change again in the upstream defaults to something even more secure or better.

Best wishes,
Chris.