DragonFly BSD
DragonFly commits List (threaded) for 2009-11
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: SSHD - Change default security

From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 15 Nov 2009 10:39:04 -0800 (PST)

commit 85088528028b88399264dd4c006aeff001bbeb6b
Author: Matthew Dillon <dillon@apollo.backplane.com>
Date:   Sun Nov 15 10:33:06 2009 -0800

    SSHD - Change default security
    This only effects fresh installs.
    * Allow root logins via public key only (previously: root logins not allowed
      at all via ssh).  I've done this for years, it allows an authorized_keys
      file in ~root/.ssh to work without having to adjust /etc/ssh/sshd_config
      on every install.
    * Do not allow any login, root or otherwise, via tunneled plaintext password
      (previously: non-root logins were allowed via plaintext password).
      Often people want plaintext passwords on e.g. workstations for xdm or
      console logins, but do not want to allow their use over networked
      connections.  Since tunneled plaintext passwords are not considered very
      secure and alternatives exist (aka public key logins) we now disallow
      them by default.

Summary of changes:
 crypto/openssh/sshd_config |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)


DragonFly BSD source repository

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]