[Bug 267170] security/openssh-portable : PermitRootLogin is set by default to "without-password" instead of "no"

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 18 Oct 2022 11:31:23 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267170

            Bug ID: 267170
           Summary: security/openssh-portable : PermitRootLogin is set by
                    default to "without-password" instead of "no"
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: simplerezo@gmail.com
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)

According to pkg-message:

"'PermitRootLogin no' is the default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system.  Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config."

It's wrong: by default PermitRootLogin is set to "prohibit-password"
("without-password" synonym), since... 2015.

# pkg install openssh-portable
[...]
# /usr/local/sbin/sshd -T | grep -i root
permitrootlogin without-password
chrootdirectory none


IMHO, to keep ports/base consistent, sshd_config should be patched to set
PermitRootLogin to "no", and a notice in UPDATING added.

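
Added example, not part of the bug report or of the port: a shell check that reads `sshd -T` output and compares the effective PermitRootLogin with the value the documentation promises, treating "without-password" as the synonym of "prohibit-password" that the report describes. The function names and the SAMPLE variable are hypothetical; the sample input is the two output lines quoted in the report.

```shell
#!/bin/sh
# Compare the effective PermitRootLogin from `sshd -T` with an expected value.

# Map the deprecated synonym onto its canonical name.
normalize_prl() {
    case "$1" in
        without-password) echo "prohibit-password" ;;
        *) echo "$1" ;;
    esac
}

# check_permitrootlogin EXPECTED  < sshd-T-output
# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if the keyword is absent.
check_permitrootlogin() {
    expected=$(normalize_prl "${1:-no}")
    # Match the keyword exactly, so "chrootdirectory" is not picked up the
    # way it is by `grep -i root`.
    actual=$(awk '$1 == "permitrootlogin" { print $2; exit }')
    if [ -z "$actual" ]; then
        echo "UNKNOWN: permitrootlogin not found in input"
        return 2
    fi
    actual=$(normalize_prl "$actual")
    if [ "$actual" = "$expected" ]; then
        echo "OK: permitrootlogin=$actual"
        return 0
    fi
    echo "MISMATCH: effective=$actual expected=$expected"
    return 1
}

# Constructed sample: the sshd -T lines shown in the report.
SAMPLE='permitrootlogin without-password
chrootdirectory none'
```

On a live host the input would come from `/usr/local/sbin/sshd -T | check_permitrootlogin no`, run with enough privilege for sshd to read its host keys.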