On Sat, 2014 Sep 27 15:40+0200, Thijs Kinkhorst wrote:
>
> So am I right to conclude that this bug actually concerns the change
> that changes PermitRootLogin to without-password?

I believe that's the real issue, yes.

> I think changing this default makes sense from a security perspective
> as it provides the best compromise between securing a default install
> versus the desire to log in as root directly.

I won't argue that, but I don't see anything in openssh-server's package
scripts addressing the case of a system with a root user + password but
no regular user (i.e. root is the only login available). That's a valid
outcome of debian-installer, and a typical scenario for me when creating
a Linux VM image, and is how I ended up posting here.

> However, I recognise that there are people that are using password-
> based root login who may be surprised by this change. The proper
> solution therefore may be to add a NEWS.Debian entry so everyone is
> informed about this change, and a release notes item at that. If those
> are added, this bug could be closed.

Is there anything that can be done about the unhelpful auth.log
messages? Package documentation is good, and the permit-root-login
debconf question also helps there, but a user who is trying to diagnose
the issue via syslog could use better hints as to what's going on.
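
The case raised in this message (root with a password as the only login, combined with `PermitRootLogin without-password`) can be checked for before the setting changes. This is an added example, not part of the original message or of openssh-server's package scripts; the function names, the no-login shell list, the assumed default and the sample file contents are constructed for illustration.

```python
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}  # assumed list
KEYS_ONLY = {"without-password", "prohibit-password"}  # second is the later alias

def has_usable_password(field):
    # "*" or a leading "!" marks a locked/unset password; sshd also rejects
    # an empty one unless PermitEmptyPasswords is enabled.
    return bool(field) and not field.startswith(("!", "*"))

def password_login_accounts(passwd_text, shadow_text):
    """Accounts with a login shell and a usable password hash."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] not in NOLOGIN_SHELLS:
            if has_usable_password(hashes.get(fields[0], "")):
                found.append(fields[0])
    return found

def permit_root_login(sshd_config_text, default="yes"):
    """Global PermitRootLogin value; `default` is an assumed built-in default."""
    for raw in sshd_config_text.splitlines():
        words = raw.strip().replace("=", " ", 1).split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "match":
            break  # settings below a Match line are conditional
        if words[0].lower() == "permitrootlogin" and len(words) > 1:
            return words[1].lower()  # sshd keeps the first value it reads
    return default

def root_lockout_risk(passwd_text, shadow_text, sshd_config_text,
                      root_has_authorized_keys=False):
    """True if root is the only password login and sshd refuses root passwords."""
    only_root = password_login_accounts(passwd_text, shadow_text) == ["root"]
    keys_only = permit_root_login(sshd_config_text) in KEYS_ONLY
    return only_root and keys_only and not root_has_authorized_keys

# Constructed sample files (not taken from any real system).
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n")
SHADOW = "root:$6$constructed$notarealhash:16340:0:99999:7:::\ndaemon:*:16340:0:99999:7:::\n"
SSHD_CONFIG = "# constructed sample\nPermitRootLogin without-password\n"

if __name__ == "__main__":
    print("lockout risk:", root_lockout_risk(PASSWD, SHADOW, SSHD_CONFIG))
```

The caller has to supply `root_has_authorized_keys`; the example does not inspect root's key files itself.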

