diff options
author | peter <peter@FreeBSD.org> | 2000-07-11 09:50:15 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 2000-07-11 09:50:15 +0000 |
commit | 772dd17b51665acecd61c8a9a557263825e4443b (patch) | |
tree | ef48c11e8c9ffd4733f650699499c7bac8096a2d /crypto | |
parent | 4036af0a9c5df88c47870e2de22759b6923877ff (diff) | |
download | FreeBSD-src-772dd17b51665acecd61c8a9a557263825e4443b.zip FreeBSD-src-772dd17b51665acecd61c8a9a557263825e4443b.tar.gz |
Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but
sshd's internal default was 'yes'. (if some cracker managed to trash
/etc/ssh/sshd_config, then root logins could be reactivated)
Approved by: kris
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssh/servconf.c | 2 | ||||
-rw-r--r-- | crypto/openssh/sshd.8 | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index 5441b2a..2788e03 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -103,7 +103,7 @@ fill_default_server_options(ServerOptions *options) if (options->key_regeneration_time == -1) options->key_regeneration_time = 3600; if (options->permit_root_login == -1) - options->permit_root_login = 1; /* yes */ + options->permit_root_login = 0; /* no */ if (options->ignore_rhosts == -1) options->ignore_rhosts = 1; if (options->ignore_user_known_hosts == -1) diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index e39c7f4..1133b88 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -480,7 +480,7 @@ The argument must be or .Dq no . The default is -.Dq yes . +.Dq no . If this options is set to .Dq without-password only password authentication is disabled for root. |