[openssh] Root login enabled by default (security issue)
Bug #56143 reported by Wesley Schwengle

Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssh (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
Binary package hint: openssh-server
A default installation of the openssh-server package has (IMHO) a security issue. The default sshd_config has root login enabled. I find this very insecure. It looks like the package assumes people did not change the default root setup for Ubuntu. As soon as one changes this, and has not looked at the default sshd config, one has a potential security issue. Root accounts should not be allowed to log in to any server. Allowing this as a default is bad practice.
Please change the following line:
PermitRootLogin yes
to:
PermitRootLogin no
No, this is unrelated to Ubuntu's authentication model. This is in fact the default setting provided by the upstream OpenSSH developers. /usr/share/doc/openssh-server/README.Debian.gz explains.
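
An added example, not part of the bug report or of OpenSSH: a shell check for the setting this report discusses. It reports the global `PermitRootLogin` value in an sshd_config-style file, relying on sshd using the first value it reads for a keyword and treating keywords case-insensitively. The function name `permit_root_login` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Report the global PermitRootLogin value from an sshd_config-style file
# (path as $1, or stdin). Output: the first global value, or "unset" when the
# keyword is absent, followed by " match-override" when a Match block sets
# anything other than "no". Include directives are not followed.
permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and argument are separated by whitespace or "="
            split(line, f, /[ \t=]+/)
            kw = tolower(f[1]); val = f[2]
            gsub(/"/, "", val)
        }
        kw == "match" { in_match = 1; next }   # the rest is conditional
        kw == "permitrootlogin" {
            if (in_match) { if (val != "no") override = 1 }
            else if (global == "") global = val   # first value wins
        }
        END {
            if (global == "") global = "unset"
            print global (override ? " match-override" : "")
        }
    ' "$@"
}

# Constructed sample: the commented-out line is ignored, the first live
# directive wins, and the Match block re-enables root login for one network.
permit_root_login <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
```

On a live host, `sshd -T` prints the effective configuration, including compiled-in defaults and included files.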