I've looked at the source code. Colin (cjwatson) writes as a comment in openssh-server.postinst:
> # XXX cjwatson 2016-12-24: This debconf template is very confusingly
> # named; its description is "Disable SSH password authentication for
> # root?", so true -> prohibit-password (the upstream default),
> # false -> yes.

This is in conflict with https://canonical-subiquity.readthedocs-hosted.com/en/latest/reference/autoinstall-reference.html#debconf-selections:

> autoinstall:
>   # Disable SSH root login and start the ufw firewall automatically
>   debconf-selections: |
>     openssh-server openssh-server/permit-root-login boolean false
>     ufw ufw/enable boolean true

And is also in conflict with what someone who configures systems using Preseed files or autoinstall.yaml files fed to Subiquity, and who hence _never sees_ the Whiptail screen with the description in it, would expect from an option called "permit-root-login".

I also don't foresee a circumstance in which anyone would configure a production system to allow root to log in over SSH using a password, so a choice between "prohibit-password" and "no" would be of more practical use. I acknowledge that this would be a breaking change for people who set up their SSH servers really insecurely.

The ability to use debconf to set any of "yes", "prohibit-password", "forced-commands-only", or "no" would be even better. I acknowledge that this would be a breaking change for people who use debconf to pre-configure packages because of the change of data type from boolean to something else.

One of three things should happen:

- Canonical should update the Subiquity docs to reflect the current behaviour of the package, so as not to mislead people. This is the least-desirable option because it doesn't improve the useful options available to people who use debconf to pre-configure packages. However, this is the option that is under Canonical's control.
- The package maintainers replace "yes" with "no" in the postinst and update the debconf template description to reflect this. This would require agreement from the Debian project.
- The package maintainers enable all of "yes", "prohibit-password", "forced-commands-only", or "no" in debconf. Again, this would require agreement from the Debian project.

** Attachment added: "command-output-installed-os.txt"
   https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2128863/+attachment/5918590/+files/command-output-installed-os.txt

https://bugs.launchpad.net/bugs/2128863

Title:
  Setting the debconf "openssh-server/permit-root-login" option to false ENABLES root logins when it should disable them
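An added example, not part of the bug report or of the openssh package: a small check that scans a preseed file or autoinstall.yaml for the openssh-server/permit-root-login selection and reports the PermitRootLogin value it results in. It assumes the true/false mapping given in the quoted postinst comment; the function name and result fields are hypothetical.

```python
import re

QUESTION = "openssh-server/permit-root-login"
# Mapping as stated in the postinst comment quoted in the report (assumption:
# the installed package version still behaves this way).
EFFECTIVE = {"true": "prohibit-password", "false": "yes"}
# debconf-set-selections line format: <owner> <question> <type> <value>
LINE_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s*(.*?)\s*$")

# Constructed sample input: the autoinstall snippet cited in the report.
SAMPLE = """\
autoinstall:
  # Disable SSH root login and start the ufw firewall automatically
  debconf-selections: |
    openssh-server openssh-server/permit-root-login boolean false
    ufw ufw/enable boolean true
"""


def audit_selections(text):
    """Return one finding per permit-root-login selection found in text.

    Works on a plain preseed file and on autoinstall.yaml alike, because the
    debconf-selections block carries the same one-selection-per-line format.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue  # comment line
        m = LINE_RE.match(raw)
        if not m or m.group(2) != QUESTION:
            continue
        qtype, value = m.group(3), m.group(4).lower()
        # Anything that is not a recognised boolean maps to None.
        effective = EFFECTIVE.get(value) if qtype == "boolean" else None
        findings.append({
            "line": lineno,
            "value": value,
            "effective": effective,
            # Flag root password login and anything that cannot be mapped.
            "flag": effective != "prohibit-password",
        })
    return findings


if __name__ == "__main__":
    for f in audit_selections(SAMPLE):
        state = "REVIEW" if f["flag"] else "ok"
        print(f"line {f['line']}: {QUESTION}={f['value']} -> "
              f"PermitRootLogin {f['effective']} [{state}]")
```

On an installed system, the value actually in force can be compared against this with `sshd -T`, which prints the effective `permitrootlogin` setting.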
