In sshd_config(5), to avoid confusion with PermitRootLogin options.
Original:
If this option is set to *prohibit-password* or *without-password*,
password and keyboard-interactive authentication are disabled for
root.
Proposed:
If this option is set to *prohibit-password* (renamed from
*without-password* to avoid ambiguity, both valid) only non
keyboard-interactive authentication (public-key, hostbased and GSSAPI)
is allowed for root.
--- sshd_config.5.orig Mon Oct 9 22:12:51 2017
+++ sshd_config.5 Fri Oct 13 12:38:13 2017
@@ -1199,9 +1199,10 @@
.Pp
If this option is set to
.Cm prohibit-password
-or
-.Cm without-password ,
-password and keyboard-interactive authentication are disabled for root.
+(renamed from
+.Cm without-password
+to avoid ambiguity, both valid) only non keyboard-interactive authentication
+(public-key, hostbased and GSSAPI) is allowed for root.
.Pp
If this option is set to
.Cm forced-commands-only ,
***
A related question. About these messages (/var/log/authlog):
... error: maximum authentication attempts exceeded for root ...
... error: maximum authentication attempts exceeded for invalid user admin ...
Is there any reason why the connection isn't just terminated after
confirming the user is root or invalid?
