Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic:  new openssh packages  (Read 2214 times)

Offline musca

  • User
  • Posts: 725
  • sid, fly high!
new openssh packages
« on: 2014/04/01, 17:40:16 »
Hello dear siduction users,

today  Colin Watson has released new openssh packages in debian unstable for the pending ubuntu 14.04 LTS release.

The Release 6.6p1-2 handles configuration for sudoers in Ubuntu more userfriendly:
see  https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1300127

Code: [Select]
$ LANG=C apt-get changelog openssh-server | head -n8
Get:1 Changelog for openssh-server (http://packages.debian.org/changelogs/pool/main/o/openssh/openssh_6.6p1-2/changelog) [172 kB]

openssh (1:6.6p1-2) unstable; urgency=medium

  * If no root password is set, then switch to "PermitRootLogin
    without-password" without asking (LP: #1300127).

 -- Colin Watson <cjwatson@debian.org>  Mon, 31 Mar 2014 12:20:46 +0100


siduction users should just make sure they have set a root password.

greetings
musca

© siduction.org 2014/04/01
 

„Es irrt der Mensch, solang er strebt.“  (Goethe, Faust)

Offline michaa7

  • User
  • Posts: 2.295
Re: new openssh packages
« Reply #1 on: 2014/04/03, 14:24:20 »
My first reaction: "That's an April Fools' joke."

But then I remembered Ubuntu allows for root-login-without-password.
Ok, you can't code, but you still might be able to write a bug report for Debian's sake

Offline der_bud

  • User
  • Posts: 1.072
  • member
Re: new openssh packages
« Reply #2 on: 2014/04/03, 16:42:30 »
At the first look it seemed to me that option allows "ssh free root login without any authentication", so just hitting Enter at PW request. But that is a misunderstanding of wording, without versus no.

From man sshd_config, that new default option says
Quote
PermitRootLogin
If this option is set to "without-password", password authentication is disabled for root

Disabled. That means, "all authentication methods allowed except password authentication", so if root wants to log in this is only possible via other authentication methods (host based or public key authentication). Even if root has set a password and you type it, login would fail without the correct pair of keys.

And don't forget, there is still PermitEmptyPasswords=no set as default, which refuses login attempts to accounts with empty password strings.
Du lachst? Wieso lachst du? Das ist doch oft so, Leute lachen erst und dann sind sie tot.

Offline michaa7

  • User
  • Posts: 2.295
Re: new openssh packages
« Reply #3 on: 2014/04/03, 17:20:53 »
ok, thanks for the profound explanation. It sheds light on those misinterpreted wordings.
Ok, you can't code, but you still might be able to write a bug report for Debian's sake

Offline musca

  • User
  • Posts: 725
  • sid, fly high!
Re: new openssh packages
« Reply #4 on: 2014/04/03, 19:29:56 »

Of course the ssh option "PermitRootLogin without-password" exactly is the opposite of allowing remote root access with an empty password.

And of course i never would play pranks on my dear siduction users.

greetings
musca

 *snicker*

„Es irrt der Mensch, solang er strebt.“  (Goethe, Faust)