Mathias, > Could you elaborate how defaulting PermitRootLogin to no would improve the > default installation?
It does not pass a "makes sense" sensor (at least not mine). It actually alarmed me a for a minute into thinking there may be a backdoor into my system. (I double checked /etc/shadow to make sure) The improvement comes from a more consistent and logical system/configuration. Colin, > If upstream are so convinced that this is a bad idea, then I doubt they would > have made PermitRootLogin default to yes! I do > not intend to deviate from upstream in the Debian or Ubuntu packaging on this > matter. If you want this changed, convince > upstream. If you do not want to be BETTER than upstream, then what's the point of a derivative distro? In OSS philosophy you can/should report to upstream and have it fixed there so it benefits everyone, but when a setting doesn't make sense, it just doesn't make sense and should be changed IMHO. For anyone not wanting to change it: What is the reasoning behind setting PermitRootLogin to "yes" other than "upstream does it too"? -- OpenSSH server sshd_config PermitRootLogin -> NO https://bugs.launchpad.net/bugs/510732 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
