Subject: Re: PermitRootLogin in SSHd
To: Brian Seklecki <lavalamp@burghcom.com>
From: Curt Sampson <cjs@cynic.net>
List: port-i386
Date: 08/20/2001 13:12:52
On Sun, 19 Aug 2001, Brian Seklecki wrote:
> In fact, I cast a vote for setting PermitRootLogin to FALSE in the
> default sshd_config.
>
> Anyone else?
I would agree, since we also default to having root in the wheel group
in /etc/group. (This disallows su to root for anybody not in the wheel
group.)
The two consistent options are:
1. ssh PermitRootLogin = false, root in wheel group
2. ssh PermitRootLogin = true, empty wheel group
The way we have it set up now is inconsistent.
cjs
--
Curt Sampson <cjs@cynic.net> 917 532 4208 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC