
Re: Re: Re: Preseeded setting on openssh-server ignored



Murukesh Mohanan wrote:
> Bob Proulx wrote:
> > was documented in the /usr/share/doc/openssh-server/README.Debian.gz
>
> That's about the bug report that led to all this:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298138

I am familiar with that bug report.  It is referenced in the
README.Debian.gz file that Brian and I referenced.

Personally I always use a strong password for root, only very rarely
log in as root using a password, mostly use ssh rsa keys with a strong
passphrase for remotely logging in, but do allow remote root login.
Sometimes only root can log into the system.  Blocking that prevents
saving the machine in those bad situations.  I don't relish a several
hour flight/drive to get hands-on physical access to a system which
would be the only alternative.  Since I am confident that my strong
root password is sufficiently difficult to exploit it is a good
configuration for me to allow remote root login to be able to save the
machine in those times when only root can log in and it needs saving.

I know that others feel differently and that is fine for them.
Certainly if it is your own laptop then you always have physical
access so it doesn't matter what you choose.  There isn't a one size
fits all configuration for everyone.  Just a default until you need to
customize it.  If everyone must always customize it then I don't think
it is a reasonable default.  If it works for most people then that is
about as good as it can get.

> > Assuming this is a documented interface, then okay. But if it isn't
> > a documented interface then no.
> 
> Are package preseed settings, as opposed to debian-installer ones,
> documented anywhere?

Not that I know of.  And by that neither do I think they are available
for preseed at system installation time.  I do not use *package*
preseeds myself at system installation time.  I configure packages
after system installation.

If you can make it work otherwise then that is good for you.  I am not
going to stand in the way of someone who is actually getting something
done.  But it seems that it isn't working for you.  And at this point
I think it is because it isn't expected to work that way.

> > Whether this is accepted in the Debian package is up to the Debian
> > maintainers of the openssh package.  That package is a team maintained
> > package by the debian-ssh team.  You would need to contact them.  I
> > don't think anyone here will know if any of those folks are subscribed
> > to the debian-user mailing list.  The debian-user mailing list is a
> > community support mailing list.  We are all simply users here and try
> > to help each other out.
> 
> I would have posted to the original bug, but it's archived.
> Thanks. I will perhaps open a new bug report or contact them some other
> way. Sorry for the trouble.

Please, I was happy to help with the discussion.  You were on topic for
the mailing list.  You are having trouble using the Debian system and
were discussing it.  That is perfect for this mailing list.  It just
happens to be that while this mailing list is good for discussion it isn't
a place to reach a final decision.  For this package that is up to the
debian-ssh team.  So please feel free to discuss here and formulate
and refine the thoughts and then take the issue to the upstream team.
That's good!

Bob

Attachment: signature.asc
Description: Digital signature