-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 13/08/12 08:34, Guillaume Rousse wrote: > Le 12/08/2012 21:57, David Walser a écrit : >> Johnny A. Solbu wrote: >>> On Sunday 12 August 2012 19:28, David Walser wrote: >>>> Through the PAM configuration for SSH shipped with the >>>> openssh-server package, root login is broken. Here's why. >>>> /etc/pam.d/sshd has: auth required pam_listfile.so item=user >>>> sense=deny file=/etc/ssh/denyusers >>>> >>>> The file /etc/ssh/denyusers has "root" in it by default. >>> >>> I read somewhere some time ago that PermitRootLogin in >>> sshd_config is ignored if PAM is used. That may be the reason >>> for this. >> >> Nope, I just tested it and that is not true. > There is an explicit comment in the configuration file: # Depending > on your PAM configuration, # PAM authentication via > ChallengeResponseAuthentication may bypass # the setting of > "PermitRootLogin without-password". > > My understanding is just than some specific PAM configuration > would eventually allow root user to authenticate through a > password, instead of a key. > > Regarding your original problem, feel free to commit the relevant > modifications.
Why would anyone need root login over ssh? I don't allow it on my server and it has never caused me any problems. Su to root works perfectly well and avoids the security risk, so I don't understand this thread. Anne - -- Need KDE help? Try http://userbase.kde.org or http://forum.kde.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAovSkACgkQj93fyh4cnBc8AQCbBY28p9fxW2LtWV9G89b1VlnT spYAn3hJGydYD5jdpNtSYTnjDznI4hED =c6wq -----END PGP SIGNATURE-----
