https://bugzilla.mindrot.org/show_bug.cgi?id=2164
--- Comment #6 from Philip Hands <[email protected]> --- Fair enough. I guess one would put without-password in the default config file. The startup script could then check for keys allowing root logins, and if absent, it could check that the config file still contained without-password, and if so override that to no on the command line by adding: -o PermitRootLogin=no That, and a comment explaining what's going on in the distro's shipped config file, should do the trick. Would it be worth adding such a suggestion to the release notes when explaining the intent behind the change? Of course the script doing the checking for keys should perhaps look out for AuthorizedKeysCommand being set too, and there may be other wrinkles I've not thought of -- is there a way of getting sshd to spit out the list of keys it would check for root? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
