From 727f4a1b86911e6dae6618815097dbc4c5d5c658 Mon Sep 17 00:00:00 2001 From: djm Date: Mon, 27 Apr 2015 21:42:48 +0000 Subject: [PATCH] Make sshd default to PermitRootLogin=no; ok deraadt@ rpe@ --- usr.bin/ssh/servconf.c | 4 ++-- usr.bin/ssh/sshd_config | 4 ++-- usr.bin/ssh/sshd_config.5 | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index cdafc0f23e1..82605130fa6 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.264 2015/04/24 01:36:00 deraadt Exp $ */ +/* $OpenBSD: servconf.c,v 1.265 2015/04/27 21:42:48 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -199,7 +199,7 @@ fill_default_server_options(ServerOptions *options) if (options->key_regeneration_time == -1) options->key_regeneration_time = 3600; if (options->permit_root_login == PERMIT_NOT_SET) - options->permit_root_login = PERMIT_YES; + options->permit_root_login = PERMIT_NO; if (options->ignore_rhosts == -1) options->ignore_rhosts = 1; if (options->ignore_user_known_hosts == -1) diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index 31a7ce45541..74661f12790 100644 --- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.94 2015/02/02 01:57:44 deraadt Exp $ +# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -39,7 +39,7 @@ # Authentication: #LoginGraceTime 2m -#PermitRootLogin yes +#PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 3d6148ef446..10edd4989e1 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $ -.Dd $Mdocdate: April 16 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.196 2015/04/27 21:42:48 djm Exp $ +.Dd $Mdocdate: April 27 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1094,7 +1094,7 @@ The argument must be or .Dq no . The default is -.Dq yes . +.Dq no . .Pp If this option is set to .Dq without-password , -- 2.20.1