At 9:31 AM -0700 8/18/06, Matthew Dillon wrote:
In fact, it is my thinking that we should adjust the default sshd_config to set the PermitRootLogin field to 'without-password' by default, since it won't do anything unless the SSH keys are also installed in root's authorized_keys file.
Sounds like a good idea. The option should have been called something else though. One of my co-workers saw PermitRootLogin without-password in some of the config files I set up, and nearly had a panic-attack! Some phrase more like "only-by-keys". Or at least include a comment in the sshd_config file which makes that clear to admins who aren't used to seeing that option. -- Garance Alistair Drosehn = [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Institute or [EMAIL PROTECTED]