[Bug 510732] Re: OpenSSH server sshd_config PermitRootLogin -> NO

Kees Cook kees at ubuntu.com
Thu Jan 21 19:16:18 GMT 2010


The issue is a trade-off between three classes of people, I think:
 - People that have systems where root can SSH in (which consists of):
  - Those that want to SSH in as root
  - Those that are surprised they can SSH in as root
  - Those that don't care

http://cheezburger.com/View.aspx?aid=3094191616

By changing the default to "no", we protect the class of people that
don't care, and irritate the people that expect to log in as root.  By
leaving the default as "yes", the class of people that don't care is
vulnerable, but we irritate the people that think this is insecure.

The choice depends on the perceived benefit in protecting that class of
user while weighed against those expecting to log in as root without
having to also change SSH configs.  Is the dark green area larger than
the blue area?

-- 
OpenSSH server sshd_config PermitRootLogin -> NO
https://bugs.launchpad.net/bugs/510732
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.


