Mathias, > Could you elaborate how defaulting PermitRootLogin to no would improve the > default installation?
It does not pass a "makes sense" sensor (at least not mine). It actually alarmed me a for a minute into thinking there may be a backdoor into my system. (I double checked /etc/shadow to make sure) The improvement comes from a more consistent and logical system/configuration. Colin, > If upstream are so convinced that this is a bad idea, then I doubt they would > have made PermitRootLogin default to yes! I do > not intend to deviate from upstream in the Debian or Ubuntu packaging on this > matter. If you want this changed, convince > upstream. If you do not want to be BETTER than upstream, then what's the point of a derivative distro? In OSS philosophy you can/should report to upstream and have it fixed there so it benefits everyone, but when a setting doesn't make sense, it just doesn't make sense and should be changed IMHO. For anyone not wanting to change it: What is the reasoning behind setting PermitRootLogin to "yes" other than "upstream does it too"? -- OpenSSH server sshd_config PermitRootLogin -> NO https://bugs.launchpad.net/bugs/510732 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
