git: SSHD - Change default security
Matthew Dillon
dillon at crater.dragonflybsd.org
Sun Nov 15 10:39:33 PST 2009
commit 85088528028b88399264dd4c006aeff001bbeb6b
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Sun Nov 15 10:33:06 2009 -0800
SSHD - Change default security
This only effects fresh installs.
* Allow root logins via public key only (previously: root logins not allowed
at all via ssh). I've done this for years, it allows an authorized_keys
file in ~root/.ssh to work without having to adjust /etc/ssh/sshd_config
on every install.
* Do not allow any login, root or otherwise, via tunneled plaintext password
(previously: non-root logins were allowed via plaintext password).
Often people want plaintext passwords on e.g. workstations for xdm or
console logins, but do not want to allow their use over networked
connections. Since tunneled plaintext passwords are not considered very
secure and alternatives exist (aka public key logins) we now disallow
them by default.
Summary of changes:
crypto/openssh/sshd_config | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/85088528028b88399264dd4c006aeff001bbeb6b
--
DragonFly BSD source repository
More information about the Commits
mailing list