There is a really good setting to use in the sshd_config file that I found
for 1.2.26: it is PermitRootLogin with the option nopwd. This allows
public/private key authentication but not password authentication.
The problem with this is that when you enter the root password it gives you
this error message:
ROOT LOGIN REFUSED FROM [login host]
My problem with this is that someone could figure out the root password even
though they could not log in, but then all they need is a user password and
they will be set. I have a patch for this but have heard that the ssh
developers will not accept patches from anyone that resides in a country with
export restrictions, like the US. This problem is so bunny that I would hate
to post a fix and it not be able to be merged with the code base. The
offending code is in sshd.c
---
A paranoid user,
Andrew L. Davis
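
Added example, not part of the original post and not code from sshd.c: a small C model of the behaviour the post describes, where the refusal message is only reachable after the root password has verified, beside a variant that answers every root password attempt with the same failure. All names, the reply codes and the sample credentials are constructed for illustration.

```c
#include <string.h>

/* Constructed model; none of these names come from sshd.c. */
enum reply { R_SUCCESS, R_FAILURE, R_ROOT_REFUSED };

/* Constructed credential store with two sample accounts. */
static int password_ok(const char *user, const char *pw)
{
    if (strcmp(user, "root") == 0)
        return strcmp(pw, "sample-root-pw") == 0;
    if (strcmp(user, "alice") == 0)
        return strcmp(pw, "sample-user-pw") == 0;
    return 0;
}

/* Order described in the post: the password is verified first and the
 * nopwd policy is applied afterwards, so the distinct refusal is only
 * ever sent to a client that supplied the correct root password. */
enum reply decide_leaky(const char *user, const char *pw)
{
    if (!password_ok(user, pw))
        return R_FAILURE;
    if (strcmp(user, "root") == 0)
        return R_ROOT_REFUSED;
    return R_SUCCESS;
}

/* Same policy, but a root password attempt always gets the generic
 * failure. The password is still checked; its result is ignored for
 * root, so the reply no longer depends on it. */
enum reply decide_uniform(const char *user, const char *pw)
{
    int ok = password_ok(user, pw);
    if (strcmp(user, "root") == 0)
        return R_FAILURE;
    return ok ? R_SUCCESS : R_FAILURE;
}

/* Returns 1 when the reply to a root password attempt differs between
 * a correct and an incorrect password, i.e. the reply confirms guesses. */
int leaks_password_validity(enum reply (*decide)(const char *, const char *))
{
    return decide("root", "sample-root-pw") != decide("root", "wrong-guess");
}
```

Any specific refusal reason can still go to the server's own log; the point of the second variant is only that the client-visible reply is identical in both cases.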