Ubuntu

PermitRootLogin yes

Reported by Julien Rottenberg on 2005-09-21
This bug report is a duplicate of:  Bug #45416: PermitRootLogin. Edit Remove
6
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Wishlist
Colin Watson

Bug Description

Maybe it's not a bug, but I see this setting as a Machiavellian way to force
users to use sudo instead of set a password to the root account (the sudo passwd
infamy)

At least, as the root login is not enabled on Ubuntu it could be more secure to
it to No.

Colin Watson (cjwatson) wrote :

(In reply to comment #0)
> Maybe it's not a bug, but I see this setting as a Machiavellian way to force
> users to use sudo instead of set a password to the root account (the sudo passwd
> infamy)

I don't even understand how such a Machiavellian plot could work with
PermitRootLogin this way round, anyway ... surely it makes it *easier* not to
use sudo if you choose not to?

> At least, as the root login is not enabled on Ubuntu it could be more secure to
> it to No.

It makes no difference at all what PermitRootLogin's set to if the root account
is locked. sshd doesn't magically let you authenticate to an account that has no
valid authentication paths, save for an sshd compromise in which case you lose
no matter what. :-)

I agree with Matthew Vernon's assessment of the security issues in
/usr/share/doc/openssh-server/README.Debian.gz, and I'm afraid I don't intend to
change this setting; if anything I think it's less relevant to Ubuntu than it is
to Debian. It's perhaps worth noting that 'PermitRootLogin yes' is also the
upstream default.

Julien Rottenberg (jrottenberg) wrote :

Oh ! Sorry, I did not check /usr/share/doc/openssh-server/README.Debian.gz,

<<DO NOT FILE BUG REPORTS SAYING YOU THINK THIS DEFAULT IS INCORRECT!>>

Sorry one million times !

And thanks for your reply...

Cordialy.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.