Subject: Re: sshd Change: PermitRootLogin = no
To: None <itojun@iijlab.net>
From: Curt Sampson <cjs@cynic.net>
List: current-users
Date: 09/01/2001 17:28:52
On Sat, 1 Sep 2001 itojun@iijlab.net wrote:

> 	i don't see your point.  if you believe
> 	secure shell protocol is secure enough, it should be okay to set
> 	PermitRootLogin to yes.

No, I don't believe secure shell protocol is secure enough. "We",
being the NetBSD project, only allowed direct root logins for those
with physical access to the machine (where you hardly need even a root
password to get root). Ssh allows people to attempt logins remotely.

>	if there's any buffer overrun or other
> 	vulnerability, root privilege will get compromized anyways regardless
> 	from PermitRootLogin.  what kind of middle ground are you aiming for?

Please re-read my commit message carefully, as well as the various
messages here to see what the security policy was (and now is again),
exactly.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 3 5778 0123   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC