Subject: Re: sshd Change: PermitRootLogin = no
To: None <>
From: Curt Sampson <>
List: current-users
Date: 09/01/2001 17:28:52
On Sat, 1 Sep 2001 wrote:

> 	i don't see your point.  if you believe
> 	secure shell protocol is secure enough, it should be okay to set
> 	PermitRootLogin to yes.

No, I don't believe secure shell protocol is secure enough. "We",
being the NetBSD project, only allowed direct root logins for those
with physical access to the machine (where you hardly need even a root
password to get root). Ssh allows people to attempt logins remotely.

>	if there's any buffer overrun or other
> 	vulnerability, root privilege will get compromized anyways regardless
> 	from PermitRootLogin.  what kind of middle ground are you aiming for?

Please re-read my commit message carefully, as well as the various
messages here to see what the security policy was (and now is again),

Curt Sampson  <>   +81 3 5778 0123
    Don't you know, in this new Dark Age, we're all light.  --XTC