On Wed, Sep 15, 2004 at 03:58:17PM +0200, Jonas Meurer wrote: > after i tested it on two differnent boxes, one with up-to-date sarge, > and one with up-to-date sid, i'm quite confident, that the > PermitRootLogin option at sshd_config doesn't understand the > without-password value. > > after i changed PermitRootLogin from 'yes' to 'without-password', i was > still able to login from a remote box without any key, and with typing > the root password, not the key passphrase.
Are you sure you disabled PAM authentication which is the default authentication method in the current packages? It is documented that there are password based authentication methods that aren't covered by without-password: <quote sshd_config(5)> If this option is set to ``without-password'' password authenti- cation is disabled for root. Note that other authentication methods (e.g., keyboard-interactive/PAM) may still allow root to login using a password. </quote> Gruesse, -- Frank Lichtenheld <[EMAIL PROTECTED]> www: http://www.djpig.de/
