Subject: re: sshd Change: PermitRootLogin = no
To: None <>
From: matthew green <>
List: current-users
Date: 09/01/2001 11:09:18
   	do you really want to change the DEFAULT behavior, or do you happy with
   	changing sshd.conf locally?  i don't see your point.  if you believe
   	secure shell protocol is secure enough, it should be okay to set
   	PermitRootLogin to yes.  if there's any buffer overrun or other
   	vulnerability, root privilege will get compromized anyways regardless
   	from PermitRootLogin.  what kind of middle ground are you aiming for?

the issue isn't about whether ssh is secure enough for not.  it's about
being *consistent* within our own set of tools.

until ssh was integrated into netbsd, it was virtually impossible for
anyone to login as root except on the console, until that ability was
configured by the sysadmin.  ie:

	- add users

	- add users to group wheel (or remote all entries from group

	- tell users root password.

and still they could only access root via a physical console or after
having already authenticated themselves.  when ssh was integrated, all
that one needs is for sshd to be enabled and the root password to be
known.  this *totally* changes the NetBSD default.  and that's why it
has been changed to not permit root login.  *not* ssh vs. anything else
but *self consistency in NetBSD*.