It has been fixed upstream:
http://www.openssh.com/txt/release-6.9
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/510732
Title:
OpenSSH server sshd_config PermitRootLogin - NO
To
This one can probably be closed since the default is now
PermitRootLogin without-password and that's close enough.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/510732
Title:
The entirety of the discussion seems to say there's no intention to
change the current defaults. Why is this 'wishlist', not 'wontfix' or
somesuch?
** Changed in: openssh (Ubuntu)
Status: Confirmed = Opinion
--
You received this bug notification because you are a member of Ubuntu
Server
Yes, it is not safe setting, particularly for home PC - there is put a
simple password to root, and often install ssh server, if you have an
external IP and need access from work.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh
Don't argue about it. Just make the correction by setting it to No
--
OpenSSH server sshd_config PermitRootLogin - NO
https://bugs.launchpad.net/bugs/510732
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
--
Mathias,
Could you elaborate how defaulting PermitRootLogin to no would improve the
default installation?
It does not pass a makes sense sensor (at least not mine). It actually
alarmed me a for a minute into thinking there may be a backdoor into my system.
(I double checked /etc/shadow to
I have stated my position repeatedly, in many different places. It's
obvious that you simply disagree so I don't think it's worth me stating
it again. I respect your right to disagree.
--
OpenSSH server sshd_config PermitRootLogin - NO
https://bugs.launchpad.net/bugs/510732
You received this
Jamie, the various backup strategies that I have seen are all suited to
using sudo. They all run a program or script which receives some
arguments at run time. That includes rsync over ssh. Could you please
be specific about which backup strategy is not able to work with sudo?
Kees, yes, I see
On Fri, Jan 22, 2010 at 12:54:29PM -, Lars Noodén wrote:
Most sub-distros do not have openssh-server by default, so this bug does
not affect them, only AFAIK the Ubuntu server.
The default Ubuntu Server install does *not* have openssh-server
installed.
--
Mathias Gug
Ubuntu Developer
The default Ubuntu Server install does *not* have openssh-server
installed.
Ok, then that's a separate bug needing a separate bug report.
Nearly all installations of the openssh-server package, I am guessing
then, are on the Ubuntu Server or an alternate install tuned to be
rather like the
On Fri, Jan 22, 2010 at 08:26:58PM -, Lars Noodén wrote:
The default Ubuntu Server install does *not* have openssh-server
installed.
Ok, then that's a separate bug needing a separate bug report.
As outlined on the Security Team policies [1]
No Open Ports
Default installations of
Hmm. Wishlist is not the right category for a bug.
Mathias, defaulting PermitRootLogin to no improves the layered process
of 'security' for the default installation by adding another layer of
protection and not relying on the hope that the root account will always
remain disabled. Correcting
Thank you for the cheezburger link, Kees. From it, I am starting to
understand more about how decisions are made in the Ubuntu project and
the authoritative resources drawn upon to help make informed decisions.
Anyhow, those that somehow get the impression that they want to log in
as root can
authoritative resources? I'm inferring that you think my use of a
simple diagram tool to help illustrate this bug is somehow
inappropriate? And yes, I know what layered security is. :)
Please understand that the PermitRootLogin config default is not a new
issue. I'm trying to make sure
If upstream are so convinced that this is a bad idea, then I doubt they
would have made PermitRootLogin default to yes! I do not intend to
deviate from upstream in the Debian or Ubuntu packaging on this matter.
If you want this changed, convince upstream.
We wrote down our thoughts on this in
15 matches
Mail list logo
