PermitRootLogin yes
Bug #22136 reported by
Julien Rottenberg
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssh (Ubuntu) |
Invalid
|
Wishlist
|
Colin Watson | ||
Bug Description
Maybe it's not a bug, but I see this setting as a Machiavellian way to force
users to use sudo instead of set a password to the root account (the sudo passwd
infamy)
At least, as the root login is not enabled on Ubuntu it could be more secure to
it to No.
Revision history for this message
| Colin Watson (cjwatson) wrote | #1 |
Revision history for this message
| Julien Rottenberg (jrottenberg) wrote | #2 |
To post a comment you must log in.
(In reply to comment #0)
> Maybe it's not a bug, but I see this setting as a Machiavellian way to force
> users to use sudo instead of set a password to the root account (the sudo passwd
> infamy)
I don't even understand how such a Machiavellian plot could work with
PermitRootLogin this way round, anyway ... surely it makes it *easier* not to
use sudo if you choose not to?
> At least, as the root login is not enabled on Ubuntu it could be more secure to
> it to No.
It makes no difference at all what PermitRootLogin's set to if the root account
is locked. sshd doesn't magically let you authenticate to an account that has no
valid authentication paths, save for an sshd compromise in which case you lose
no matter what. :-)
I agree with Matthew Vernon's assessment of the security issues in
/usr/share/
change this setting; if anything I think it's less relevant to Ubuntu than it is
to Debian. It's perhaps worth noting that 'PermitRootLogin yes' is also the
upstream default.