tech-install: Re: sshd won't allow access by root

Subject: Re: sshd won't allow access by root
To: None <tech-install@netbsd.org>
From: William Allen Simpson <wsimpson@greendragon.com>
List: tech-install
Date: 09/28/2002 10:08:50

Roland Dowdeswell wrote:
> This is the default for sshd and can be changed in /etc/ssh/sshd_config
> or /etc/sshd.conf (depending on the version).
> 
Of course, this is the first thing I checked.  I compared the -current 
man pages for netbsd and openbsd online.  There are minor differences, 
such as 600 second timeout for netbsd (versus 120 second for openbsd), 
but both clearly say:

    PermitRootLogin
             Specifies whether root can login using ssh(1).  The argument must
             be ``yes'', ``without-password'', ``forced-commands-only'' or
             ``no''.  The default is ``yes''.

Now that I've got the machine running, I've just checked the actual 
installed file, which says: 

#LoginGraceTime 600
#PermitRootLogin no

Well, that's commented out....

Anyway, this is a significant change from longstanding OpenSSH practice, 
and COMPLETELY UNDOCUMENTED. 

-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32