On Sat, 1 Sep 2001, Curt Sampson wrote:

> On Sat, 1 Sep 2001 itojun@iijlab.net wrote:
>
> > 	i don't see your point.  if you believe
> > 	secure shell protocol is secure enough, it should be okay to set
> > 	PermitRootLogin to yes.
>
> No, I don't believe secure shell protocol is secure enough. "We",
> being the NetBSD project, only allowed direct root logins for those
> with physical access to the machine (where you hardly need even a root
> password to get root). Ssh allows people to attempt logins remotely.

No, we permitted root logins from "secure" ttys. Physical access was not
listed as the deciding factor. Yes, physical access is an obvious example
of a "secure" terminal, but it is not, from what I've seen, the
definition.

The whole point of the thread is that in a number of people's eyes, it is
possible to have secure, remote connections. I'm not saying you have to do
it on your machines - do what you want with them. I am though saying I
object to you deciding that your take on things is the one true way, and
is more important that many years of common practice, both with NetBSD and
most all of the ssh installed base.

> >	if there's any buffer overrun or other
> > 	vulnerability, root privilege will get compromized anyways regardless
> > 	from PermitRootLogin.  what kind of middle ground are you aiming for?
>
> Please re-read my commit message carefully, as well as the various
> messages here to see what the security policy was (and now is again),
> exactly.

Please do not be condescending. I understand what your point is, and I'm
trying to explain to you why I believe it is incorrect, and that the
question is no where near as obvious as you made out in your notes.
Saying, "Please re-read my commit message carefully," implies that: 1) I
did not read your note carefully, and 2) that if I were to I would
immediatly agree with you. I do not believe that either implication is
correct.

Take care,

Bill