On Mon, Jan 27, 2003, Vinod Kutty wrote:
> Would it make sense to have the default, out-of-the-box config of
> openssh's sshd_config use these options:
>
> UsePrivilegeSeparation yes (current default = no)
> PermitRootLogin no (current default = yes)
>
> in order to make the default config a little more "secure" (whatever that
> means 8-) )?
>
> Currently, the openpkg 1.1.x and 1.2 packaging of openssh 3.4p1 and 3.5p1
> use the above defaults in parentheses. The vanilla openssh appears to set
> "UsePrivilegeSeparation yes".
"PermitRootLogin no" is fine and can be done, but
"UsePrivilegeSeparation yes" I would be carefully about: AFAIK this
still does _NOT_ work on all platforms and even on those where it works
it has some nasty restrictions (like it cannot be used in combination
with other options [like UseLogin AFAIK], etc).
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
The OpenPKG Project www.openpkg.org
User Communication List [EMAIL PROTECTED]
