Subject: Re: sshd Change: PermitRootLogin = no
To: None <itojun@iijlab.net>
From: Curt Sampson <cjs@cynic.net>
List: current-users
Date: 09/01/2001 17:28:52
On Sat, 1 Sep 2001 itojun@iijlab.net wrote:
> i don't see your point. if you believe
> secure shell protocol is secure enough, it should be okay to set
> PermitRootLogin to yes.
No, I don't believe secure shell protocol is secure enough. "We",
being the NetBSD project, only allowed direct root logins for those
with physical access to the machine (where you hardly need even a root
password to get root). Ssh allows people to attempt logins remotely.
> if there's any buffer overrun or other
> vulnerability, root privilege will get compromized anyways regardless
> from PermitRootLogin. what kind of middle ground are you aiming for?
Please re-read my commit message carefully, as well as the various
messages here to see what the security policy was (and now is again),
exactly.
cjs
--
Curt Sampson <cjs@cynic.net> +81 3 5778 0123 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC