From 772dd17b51665acecd61c8a9a557263825e4443b Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 11 Jul 2000 09:50:15 +0000 Subject: Fix out-of-sync defaults. PermitRootLogin is supposed to be 'no' but sshd's internal default was 'yes'. (if some cracker managed to trash /etc/ssh/sshd_config, then root logins could be reactivated) Approved by: kris --- crypto/openssh/servconf.c | 2 +- crypto/openssh/sshd.8 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index 5441b2a..2788e03 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -103,7 +103,7 @@ fill_default_server_options(ServerOptions *options) if (options->key_regeneration_time == -1) options->key_regeneration_time = 3600; if (options->permit_root_login == -1) - options->permit_root_login = 1; /* yes */ + options->permit_root_login = 0; /* no */ if (options->ignore_rhosts == -1) options->ignore_rhosts = 1; if (options->ignore_user_known_hosts == -1) diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index e39c7f4..1133b88 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -480,7 +480,7 @@ The argument must be or .Dq no . The default is -.Dq yes . +.Dq no . If this options is set to .Dq without-password only password authentication is disabled for root. -- cgit v1.1