git: SSHD - Change default security

Matthew Dillon dillon at crater.dragonflybsd.org
Sun Nov 15 10:39:33 PST 2009


commit 85088528028b88399264dd4c006aeff001bbeb6b
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Sun Nov 15 10:33:06 2009 -0800

    SSHD - Change default security
    
    This only effects fresh installs.
    
    * Allow root logins via public key only (previously: root logins not allowed
      at all via ssh).  I've done this for years, it allows an authorized_keys
      file in ~root/.ssh to work without having to adjust /etc/ssh/sshd_config
      on every install.
    
    * Do not allow any login, root or otherwise, via tunneled plaintext password
      (previously: non-root logins were allowed via plaintext password).
    
      Often people want plaintext passwords on e.g. workstations for xdm or
      console logins, but do not want to allow their use over networked
      connections.  Since tunneled plaintext passwords are not considered very
      secure and alternatives exist (aka public key logins) we now disallow
      them by default.

Summary of changes:
 crypto/openssh/sshd_config |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/85088528028b88399264dd4c006aeff001bbeb6b


-- 
DragonFly BSD source repository





More information about the Commits mailing list