On Fri, Jan 27, 2017 at 10:34:29AM +0100, lopiuh wrote: > as discussed in https://lists.debian.org/debian-ssh/2017/01/msg00059.html > PermitRootLogin gets wrong default in /etc/ssh/sshd_config > > * What led up to the situation? > Clean installation, no old config file (/etc/ssh/sshd_config) present > * What exactly did you do (or not do) that was effective (or > ineffective)? > nothing special > * What was the outcome of this action? > [...] > #LoginGraceTime 2m > PermitRootLogin yes > #StrictModes yes > #MaxAuthTries 6 > #MaxSessions 10 > [...] > * What outcome did you expect instead? > [...] > #LoginGraceTime 2m > PermitRootLogin prohibit-password > #StrictModes yes > #MaxAuthTries 6 > #MaxSessions 10 > [...]
Thanks; fixed in this commit: https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=eec09be133d0f8d4a17b5331c897f4cba3811dde I'm not going to attempt to repair this on upgrades from systems that were freshly installed with 1:7.4p1-1 or newer; there are probably relatively few of those, and I doubt that I can do it without some collateral damage of some kind. You can put the intended default for that line ("#PermitRootLogin prohibit-password") in place and it will be preserved appropriately. -- Colin Watson [cjwat...@debian.org]
