Siduction Forum

Siduction Forum => Upgrade Warnings => Topic started by: musca on 2014/04/01, 17:40:16

Title: new openssh packages
Post by: musca on 2014/04/01, 17:40:16
Hello dear siduction users,

Today Colin Watson released new openssh packages in Debian unstable for the pending Ubuntu 14.04 LTS release.

Release 6.6p1-2 handles the configuration for sudoers in Ubuntu in a more user-friendly way:
see https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1300127

Code:
$ LANG=C apt-get changelog openssh-server | head -n8
Get:1 Changelog for openssh-server (http://packages.debian.org/changelogs/pool/main/o/openssh/openssh_6.6p1-2/changelog) [172 kB]

openssh (1:6.6p1-2) unstable; urgency=medium

  * If no root password is set, then switch to "PermitRootLogin
    without-password" without asking (LP: #1300127).

 -- Colin Watson <cjwatson@debian.org>  Mon, 31 Mar 2014 12:20:46 +0100


siduction users should just make sure they have set a root password.

greetings
musca

© siduction.org 2014/04/01
 

Title: Re: new openssh packages
Post by: michaa7 on 2014/04/03, 14:24:20
My first reaction: "That's an April Fools' joke."

But then I remembered Ubuntu allows for root-login-without-password.
Title: Re: new openssh packages
Post by: der_bud on 2014/04/03, 16:42:30
At first glance it seemed to me that the option allows "ssh free root login without any authentication", so just hitting Enter at the password prompt. But that is a misunderstanding of the wording, "without" versus "no".

From man sshd_config, that new default option says
Quote
PermitRootLogin
If this option is set to "without-password", password authentication is disabled for root

Disabled. That means, "all authentication methods allowed except password authentication", so if root wants to log in this is only possible via other authentication methods (host based or public key authentication). Even if root has set a password and you type it, login would fail without the correct pair of keys.

And don't forget, there is still PermitEmptyPasswords=no set as default, which refuses login attempts to accounts with empty password strings.
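
The distinction explained in the post above, as an added example that is not part of the thread or of any poster's message: a small shell check that classifies the two sshd_config settings discussed. The function names, the labels they print and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify the sshd_config settings
# discussed above. On a live host, `sshd -T` (as root) prints effective values.

# effective_value FILE KEYWORD
# sshd uses the first value it obtains for a keyword and keywords are
# case-insensitive. Only the global section (before any Match block) is read.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                 # skip comment lines
        { sub(/=/, " ") }                   # tolerate the Keyword=value spelling
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# root_login_mode FILE -> no-root-login | password-disabled | password-ok | unset
root_login_mode() {
    case "$(effective_value "$1" PermitRootLogin)" in
        no) echo no-root-login ;;
        without-password|prohibit-password|forced-commands-only)
            echo password-disabled ;;       # root may still log in with keys
        yes) echo password-ok ;;
        "") echo unset ;;                   # compiled-in default depends on the sshd version
        *) echo unrecognized ;;
    esac
}

# empty_passwords FILE -> refused | accepted   (default is "no", i.e. refused)
empty_passwords() {
    [ "$(effective_value "$1" PermitEmptyPasswords)" = "yes" ] && echo accepted || echo refused
}

# Constructed sample config: the second PermitRootLogin line is ignored.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
PermitRootLogin without-password
PermitRootLogin yes
PermitEmptyPasswords=no
EOF

echo "root login:      $(root_login_mode "$SAMPLE")"
echo "empty passwords: $(empty_passwords "$SAMPLE")"
```

The duplicate `PermitRootLogin yes` line in the sample shows why the first occurrence matters when auditing a file that has been edited by hand after a package upgrade.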
Title: Re: new openssh packages
Post by: michaa7 on 2014/04/03, 17:20:53
OK, thanks for the profound explanation. It sheds light on those misinterpreted wordings.
Title: Re: new openssh packages
Post by: musca on 2014/04/03, 19:29:56

Of course the ssh option "PermitRootLogin without-password" is exactly the opposite of allowing remote root access with an empty password.

And of course I would never play pranks on my dear siduction users.

greetings
musca

 *snicker*