In article <20171013145400.GA82524@harkle> Jason McIntyre <j...@kerhand.co.uk> wrote: > On Fri, Oct 13, 2017 at 02:01:17PM +0100, Stuart Henderson wrote: > > On 2017/10/13 12:57, Walter Alejandro Iglesias wrote: > > > In sshd_config(5), to avoid confusion with PermitRootLogin options. > > > > > > Original: > > > > > > If this option is set to *prohibit-password* or *without-password*, > > > password and keyboard-interactive authentication are disabled for > > > root. > > > > > > Proposed: > > > > > > If this option is set to *prohibit-password* (renamed from > > > *without-password* to avoid ambiguity, both valid) only non > > > keyboard-interactive authentication (public-key, hostbased and GSSAPI) > > > is allowed for root. > > > > How about a briefer alternative that points people towards the > > more self-explanatory option keyword? > > > > Index: sshd_config.5 > > =================================================================== > > RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v > > retrieving revision 1.254 > > diff -u -p -r1.254 sshd_config.5 > > --- sshd_config.5 9 Oct 2017 20:12:51 -0000 1.254 > > +++ sshd_config.5 13 Oct 2017 12:59:14 -0000 > > @@ -1198,10 +1198,11 @@ The default is > > .Cm prohibit-password . > > .Pp > > If this option is set to > > -.Cm prohibit-password > > -or > > -.Cm without-password , > > +.Cm prohibit-password , > > password and keyboard-interactive authentication are disabled for root. > > +.Cm without-password > > +is a deprecated alias for > > +.Cm prohibit-password . > > .Pp > > If this option is set to > > .Cm forced-commands-only , > > > > i agree that we should not try to list all the other types that are > valid, since it means one more thing to remember when things change. > and means adding more text. > > i'm fine with your diff, but couldn;t resist having a stab myself:
The first paragraph is the more important. I like this version. > > Index: sshd_config.5 > =================================================================== > RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v > retrieving revision 1.254 > diff -u -r1.254 sshd_config.5 > --- sshd_config.5 9 Oct 2017 20:12:51 -0000 1.254 > +++ sshd_config.5 13 Oct 2017 14:52:03 -0000 > @@ -1190,7 +1190,6 @@ > The argument must be > .Cm yes , > .Cm prohibit-password , > -.Cm without-password , > .Cm forced-commands-only , > or > .Cm no . > @@ -1199,8 +1198,8 @@ > .Pp > If this option is set to > .Cm prohibit-password > -or > -.Cm without-password , > +(or its deprecated alias, > +.Cm without-password ) , > password and keyboard-interactive authentication are disabled for root. > .Pp > If this option is set to > >