Siduction Forum
Siduction Forum => Upgrade Warnings => Topic started by: musca on 2014/04/01, 17:40:16
-
Hello dear siduction users,
today Colin Watson released new openssh packages in Debian unstable for the pending Ubuntu 14.04 LTS release.
Release 6.6p1-2 handles configuration for sudoers in Ubuntu in a more user-friendly way:
see https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1300127
$ LANG=C apt-get changelog openssh-server | head -n8
Get:1 Changelog for openssh-server (http://packages.debian.org/changelogs/pool/main/o/openssh/openssh_6.6p1-2/changelog) [172 kB]
openssh (1:6.6p1-2) unstable; urgency=medium
* If no root password is set, then switch to "PermitRootLogin
without-password" without asking (LP: #1300127).
-- Colin Watson <cjwatson@debian.org> Mon, 31 Mar 2014 12:20:46 +0100
siduction users should just make sure they have set a root password.
greetings
musca
© siduction.org 2014/04/01
-
My first reaction: "That's an April Fools' joke."
But then I remembered Ubuntu allows for root-login-without-password.
-
At first look it seemed to me that this option allows "ssh free root login without any authentication", so just hitting Enter at the PW request. But that is a misunderstanding of the wording: "without" versus "no".
From man sshd_config, on the new default option for PermitRootLogin:
If this option is set to "without-password", password authentication is disabled for root.
Disabled. That means "all authentication methods allowed except password authentication", so if root wants to log in, this is only possible via other authentication methods (host-based or public key authentication). Even if root has set a password and you type it, login would fail without the correct pair of keys.
And don't forget, there is still PermitEmptyPasswords=no set as default, which refuses login attempts to accounts with empty password strings.
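
Added example, not part of the original post: a small Python check that reads the global section of an sshd_config text and reports what the settings discussed above mean for root. The function names, the DEFAULTS table and the sample file are assumptions made for this illustration; on a live host, `sshd -T` prints the configuration the daemon actually uses.

```python
# Added example: evaluates the global section of an sshd_config text.
# DEFAULTS are assumptions of this sketch; check `man sshd_config` for your build.
DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",  # the default the thread mentions
}

def parse_global(config_text):
    """Return {keyword: value} for the lines before the first Match block."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # "Keyword value" and "Keyword=value" are both accepted forms.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":
            break
        seen.setdefault(key, value)  # sshd keeps the first value it reads
    return seen

def root_login_policy(config_text, defaults=DEFAULTS):
    cfg = {**defaults, **parse_global(config_text)}
    prl = cfg["permitrootlogin"]
    # Only "yes" leaves password authentication available to root.
    password_ok = prl == "yes" and cfg["passwordauthentication"] == "yes"
    return {
        "permit_root_login": prl,
        "root_password_auth": password_ok,
        "root_empty_password": password_ok and cfg["permitemptypasswords"] == "yes",
        "root_other_auth": prl != "no",  # public key, host-based, ...
    }

SAMPLE = """\
# constructed sample, not a real host's file
PermitRootLogin without-password
PasswordAuthentication yes
PermitEmptyPasswords=no
PermitRootLogin yes   # ignored: first value wins
"""

if __name__ == "__main__":
    for name, value in root_login_policy(SAMPLE).items():
        print(f"{name}: {value}")
```

Match blocks are skipped entirely here, so a per-user or per-address override of PermitRootLogin is not reflected in the result.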
-
ok, thanks for the profound explanation. It sheds light on those misinterpreted wordings.
-
Of course the ssh option "PermitRootLogin without-password" is exactly the opposite of allowing remote root access with an empty password.
And of course I would never play pranks on my dear siduction users.
greetings
musca
*snicker*