OpenSSH server sshd_config PermitRootLogin -> NO
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssh (Ubuntu) | Opinion | Wishlist | Unassigned | |
Bug Description
Ubuntu does not use the root account directly so the PermitRootLogin directive in sshd_config should be set to "no" by default. This policy is backed by the upstream documentation:
"For security reasons, it is bad practice to log in as root during regular
use and maintenance of the system. Instead, administrators are encouraged
to add a ``regular'' user, add said user to the ``wheel'' group,
then use the su(1) and sudo(8) commands when root privileges are required.
This process is described in more detail later."
From : http://
Bruteforce attacks against the root account are now continual and have been for several years:
http://
If there are shortcomings in the documentation and guides for sudo or how to use key-based authentication, then they should be addressed there so that this default setting can be set properly.
Description: Ubuntu lucid (development branch)
Release: 10.04
openssh-server:
Installed: 1:5.2p1-2ubuntu1
Candidate: 1:5.2p1-2ubuntu1
Version table:
*** 1:5.2p1-2ubuntu1 0
500 http://
100 /var/lib/
On Thu, Jan 21, 2010 at 04:21:25PM -0000, Lars Noodén wrote:
> Public bug reported:
>
> Ubuntu does not use the root account directly so the PermitRootLogin
> directive in sshd_config should be set to "no" by default.
Since the root account is disabled by default, it's impossible to log in as root
by default.
Could you elaborate how defaulting PermitRootLogin to no would improve the
default installation?
status incomplete
importance wishlist
-- www.ubuntu.com
Mathias Gug
Ubuntu Developer http://
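
The two layers discussed in this thread, the sshd_config directive and the locked root password, can be checked together. The following is an added example, not part of the bug report or of either participant's message; the function names, the sample config text and the shadow entries are constructed for illustration, and the `default` parameter is an assumption about the sshd build in use.

```python
# Added example; the config text and shadow entries below are constructed.

def effective_permit_root_login(config_text, default="yes"):
    """Global PermitRootLogin value: sshd keeps the first value it reads.

    `default` applies when the keyword is absent (assumption: "yes" for
    OpenSSH before 7.0, "prohibit-password" from 7.0 on).
    """
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything after Match is conditional, not global
        if keyword == "permitrootlogin" and len(parts) > 1:
            value = parts[1].strip('"').lower()
            # without-password is the older spelling of prohibit-password
            return "prohibit-password" if value == "without-password" else value
    return default

def root_password_locked(shadow_line):
    """True if root's shadow password field starts with '!' or '*'."""
    fields = shadow_line.strip().split(":")
    if len(fields) < 2 or fields[0] != "root":
        raise ValueError("expected the root entry of /etc/shadow")
    return fields[1].startswith(("!", "*"))

def root_password_guessable(config_text, shadow_line, default="yes"):
    """Password guessing against root needs both layers to allow it.

    Simplification: PasswordAuthentication and PAM policy are not examined.
    """
    setting = effective_permit_root_login(config_text, default)
    return setting == "yes" and not root_password_locked(shadow_line)

PERMISSIVE = "# Authentication:\nLoginGraceTime 120\nPermitRootLogin yes\n"
HARDENED = "permitrootlogin no\nPermitRootLogin yes\n"  # first value wins
LOCKED_ROOT = "root:!:14630:0:99999:7:::"
UNLOCKED_ROOT = "root:$6$constructed$notarealhash:14630:0:99999:7:::"

if __name__ == "__main__":
    for cfg in (PERMISSIVE, HARDENED):
        for shadow in (LOCKED_ROOT, UNLOCKED_ROOT):
            print(effective_permit_root_login(cfg),
                  root_password_locked(shadow),
                  root_password_guessable(cfg, shadow))
```

With the permissive sample, the result flips as soon as root is given a usable password, while the hardened sample stays closed either way.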