upstream commit

Make sshd default to PermitRootLogin=no; ok deraadt@ rpe@
2025-03-04 21:57:48 +00:00 · 2015-04-27 21:42:48 +00:00 · 2015-04-27 21:42:48 +00:00 · 88a7c598a9
commit 88a7c598a9
parent 734226b448
3 changed files with 7 additions and 7 deletions
--- a/servconf.c
+++ b/servconf.c
@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.264 2015/04/24 01:36:00 deraadt Exp $ */
+/* $OpenBSD: servconf.c,v 1.265 2015/04/27 21:42:48 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@ -216,7 +216,7 @@ fill_default_server_options(ServerOptions *options)
 	if (options->key_regeneration_time == -1)
 		options->key_regeneration_time = 3600;
 	if (options->permit_root_login == PERMIT_NOT_SET)
-		options->permit_root_login = PERMIT_YES;
+		options->permit_root_login = PERMIT_NO;
 	if (options->ignore_rhosts == -1)
 		options->ignore_rhosts = 1;
 	if (options->ignore_user_known_hosts == -1)
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.94 2015/02/02 01:57:44 deraadt Exp $
+#	$OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@ -41,7 +41,7 @@
 # Authentication:
 #LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
--- a/sshd_config.5
+++ b/sshd_config.5
@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.196 2015/04/27 21:42:48 djm Exp $
-.Dd $Mdocdate: April 16 2015 $
+.Dd $Mdocdate: April 27 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@ -1093,7 +1093,7 @@ The argument must be
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
 .Pp
 If this option is set to
 .Dq without-password ,