| Summary: | 2_a1: /etc/ssh/sshd_config has PermitRootLogin without-password | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Bit Twister <bittwister2> |
| Component: | RPM Packages | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED INVALID | QA Contact: | |
| Severity: | enhancement | | |
| Priority: | Normal | CC: | olav |
| Version: | Cauldron | | |
| Target Milestone: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Source RPM: | openssh-5.8p2-1.src.rpm | CVE: | |
| Status comment: | | | |

Description
Bit Twister
2011-12-10 08:21:05 CET
False alarm. You will be asked for password if key is in /root/.ssh

Might I suggest a comment added to /etc/ssh/sshd_config about Mageia change with something to the effect
password required if key not in ~/.ssh

That will keep idiots like me from opening problem reports. :)

Severity: normal => enhancement

> PermitRootLogin
> Specifies whether root can log in using ssh(1). The argument
> must be "yes", "without-password", "forced-commands-only", or
> "no". The default is "yes".
>
> If this option is set to "without-password", password
> authentication is disabled for root.
>
> If this option is set to "forced-commands-only", root login with
> public key authentication will be allowed, but only if the
> command option has been specified (which may be useful for taking
> remote backups even if root login is normally not allowed). All
> other authentication methods are disabled for root.
>
> If this option is set to "no", root is not allowed to log in.

You want to allow password authentication. That is *very* bad for security. It will allow all the brute force attacks. Our default is more secure, not less.

Status: NEW => RESOLVED
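
An added example, not part of the bug report and not Mageia's or OpenSSH's own code: a small Python check that reads an sshd_config and reports what the PermitRootLogin values quoted above allow for root. The function names and the sample configuration are constructed for illustration, and parsing covers only the global section (it stops at the first Match block).

```python
import re

# Meaning of each value, per the sshd_config(5) excerpt quoted in the thread.
ROOT_LOGIN = {
    "yes": "password and public key",
    "without-password": "public key only, password authentication disabled",
    "forced-commands-only": "public key only, and only with a forced command",
    "no": "root login not allowed",
}
UPSTREAM_DEFAULT = "yes"  # default stated in the quoted man page
# 'Keyword value' or 'Keyword=value'; comment and blank lines do not match.
LINE_RE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")


def global_keywords(config_text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd keeps the first value it reads for a keyword and treats keywords
    case-insensitively. Parsing stops at the first Match block, whose
    settings apply only conditionally.
    """
    seen = {}
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break
        seen.setdefault(keyword, value)  # first occurrence wins
    return seen


def root_login_policy(config_text):
    """Return (value, description, root_password_allowed)."""
    value = global_keywords(config_text).get("permitrootlogin", UPSTREAM_DEFAULT).lower()
    if value not in ROOT_LOGIN:
        raise ValueError("unrecognised PermitRootLogin value: %r" % value)
    return value, ROOT_LOGIN[value], value == "yes"


# Constructed sample: a default like the one in this report, then a later
# line that has no effect because the first value wins.
SAMPLE = """\
# root needs a key in /root/.ssh; a password is never accepted for root
PermitRootLogin without-password
PermitRootLogin yes
"""

if __name__ == "__main__":
    print(root_login_policy(SAMPLE))
```
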