On Sat, Aug 01, 2015 at 08:25:06AM +0100, Jason McIntyre wrote: > On Fri, Jul 31, 2015 at 07:20:36PM -0400, Michael Reed wrote: > > Hi all, > > > > I noticed that the default for the sshd_config option "PermitRootLogin" > > changed from "yes" to "no" [1], but afterboot(8) still refers to it as > > if "yes" is the default. > > > > Perhaps the sub-section could be reworded a bit to clarify the new > > default, but I'll leave that to the developers as I'm unsure what they want. > > > > Regards, > > Michael > > > > [1]: http://www.openbsd.org/faq/current.html#20150428 > > > > > > > > Index: src/share/man/man8/afterboot.8 > > =================================================================== > > RCS file: /cvs/src/share/man/man8/afterboot.8,v > > retrieving revision 1.147 > > diff -u -p -r1.147 afterboot.8 > > --- src/share/man/man8/afterboot.8 30 Jul 2015 08:03:49 -0000 1.147 > > +++ src/share/man/man8/afterboot.8 31 Jul 2015 23:02:11 -0000 > > @@ -90,12 +90,12 @@ If that option was not used, see the par > > .Sx Add new users > > below. > > .Pp > > -To deny root logins over the network, edit the > > +To permit root logins over the network, edit the > > .Pa /etc/ssh/sshd_config > > file and set > > .Cm PermitRootLogin > > to > > -.Dq no > > +.Dq yes > > (see > > .Xr sshd_config 5 ) . > > .Ss Root password > > > > if we do it this way, it almost sounds like we're recommending people do > this. if the default is now root logins are denied, i'd say telling > people how to permit them has no relevant place in afterboot(8). so i > propose zapping it altogether. > > ok? > jmc
I think that would make sense. fwiw, OK rpe@ -- -=[rpe]=-