Subject: Re: sshd Change: PermitRootLogin = no
To: Brian Hechinger <email@example.com>
From: None <firstname.lastname@example.org>
Date: 09/01/2001 07:39:25
>> I vote for whatever behavior compatible with stock OpenSSH, by default.
>> I don't think it wise to surprise people.
>i'd agree if it weren't for the fact that i don't agree with stock OpenSSH (which
>is to set it to yes. am i correct?) i'd rather surpise people if it means there
>is even the remotest chance of making things more secure. would you rather be
>grumpy because you have to reconfig ssh or pissed off because your system was
>compromised. i'm not saying that it will happen, just that it can. and that's
>good enough for me.
do you really want to change the DEFAULT behavior, or do you happy with
changing sshd.conf locally? i don't see your point. if you believe
secure shell protocol is secure enough, it should be okay to set
PermitRootLogin to yes. if there's any buffer overrun or other
vulnerability, root privilege will get compromized anyways regardless
from PermitRootLogin. what kind of middle ground are you aiming for?