At 9:31 AM -0700 8/18/06, Matthew Dillon wrote:

    In fact, it is my thinking that we should adjust the
    default sshd_config to set the PermitRootLogin field
    to 'without-password' by default, since it won't do
    anything unless the SSH keys are also installed in
    root's authorized_keys file.

Sounds like a good idea.  The option should have been called
something else though.  One of my co-workers saw

   PermitRootLogin without-password

in some of the config files I set up, and nearly had a
panic-attack!  Some phrase more like "only-by-keys".  Or
at least include a comment in the sshd_config file which
makes that clear to admins who aren't used to seeing that
option.

--
Garance Alistair Drosehn            =   [EMAIL PROTECTED]
Senior Systems Programmer           or  [EMAIL PROTECTED]
Rensselaer Polytechnic Institute    or  [EMAIL PROTECTED]
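
As an added example (not part of the original message, nor OpenSSH's own code), this is one way an admin could have a script spell out what the configured PermitRootLogin value means and whether root has any keys installed. The sample config, the function names and the wording of the explanations are assumptions made for illustration.

```python
import re

# Constructed sample config, not taken from the original message.
SAMPLE_CONFIG = """\
Port 22
#PermitRootLogin yes
PermitRootLogin without-password
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin no
"""

KEY_ONLY = {"without-password", "prohibit-password"}  # the latter is the newer name
MEANING = {
    "yes": "root may log in with any enabled method, passwords included",
    "forced-commands-only": "root may log in only with a key that forces a command",
    "no": "root may not log in over SSH",
}

def permit_root_login(config_text):
    """Return the global PermitRootLogin value, or None if it is not set.

    sshd keeps the first value it reads for a keyword and matches keywords
    case-insensitively. Lines after a Match keyword are conditional, so the
    scan stops there. Include directives are not followed (simplification).
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and len(parts) == 2 and parts[1]:
            return parts[1].split()[0]
    return None

def count_keys(authorized_keys_text):
    """Count entries (non-blank, non-comment lines) in an authorized_keys file."""
    lines = (l.strip() for l in authorized_keys_text.splitlines())
    return sum(1 for l in lines if l and not l.startswith("#"))

def describe(config_text, authorized_keys_text=""):
    value = permit_root_login(config_text)
    if value is None:
        return "PermitRootLogin not set: the default of this sshd build applies"
    if value in KEY_ONLY:
        text = "root may log in with keys but never with a password"
        if count_keys(authorized_keys_text) == 0:
            text += "; root's authorized_keys has no key to log in with"
        return f"PermitRootLogin {value}: {text}"
    return f"PermitRootLogin {value}: {MEANING.get(value, 'unrecognised value')}"
```

Pass the contents of sshd_config and of root's authorized_keys file as strings; `describe(SAMPLE_CONFIG)` reports the key-only meaning and notes that no key is installed.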
