upstream commit

Make sshd default to PermitRootLogin=no; ok deraadt@ rpe@
author: djm@openbsd.org <djm@openbsd.org> 2015-04-27 21:42:48 +0000
committer: Damien Miller <djm@mindrot.org> 2015-04-29 18:20:12 +1000
commit: 88a7c598a94ff53f76df228eeaae238d2d467565 (patch)
tree: b2c795e82447894f9862097d991d5b522ca5dd09
parent: 734226b4480a6c736096c729fcf6f391400599c7 (diff)
3 files changed, 7 insertions, 7 deletions
diff --git a/servconf.c b/servconf.c
index d4a48a016..8d56a309b 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.264 2015/04/24 01:36:00 deraadt Exp $ */
+/* $OpenBSD: servconf.c,v 1.265 2015/04/27 21:42:48 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -216,7 +216,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->key_regeneration_time == -1)
                options->key_regeneration_time = 3600;
        if (options->permit_root_login == PERMIT_NOT_SET)
-                options->permit_root_login = PERMIT_YES;
+                options->permit_root_login = PERMIT_NO;
        if (options->ignore_rhosts == -1)
                options->ignore_rhosts = 1;
        if (options->ignore_user_known_hosts == -1)
diff --git a/sshd_config b/sshd_config
index c9042ac3c..cf7d8e1e8 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.94 2015/02/02 01:57:44 deraadt Exp $
+#       $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -41,7 +41,7 @@
 # Authentication:
 #LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
diff --git a/sshd_config.5 b/sshd_config.5
index 2bc9360d0..d3148c2c9 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.196 2015/04/27 21:42:48 djm Exp $
-.Dd $Mdocdate: April 16 2015 $
+.Dd $Mdocdate: April 27 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1093,7 +1093,7 @@ The argument must be
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
 .Pp
 If this option is set to
 .Dq without-password ,
author	djm@openbsd.org <djm@openbsd.org>	2015-04-27 21:42:48 +0000
committer	Damien Miller <djm@mindrot.org>	2015-04-29 18:20:12 +1000
commit	88a7c598a94ff53f76df228eeaae238d2d467565 (patch)
tree	b2c795e82447894f9862097d991d5b522ca5dd09
parent	734226b4480a6c736096c729fcf6f391400599c7 (diff)

diff --git a/servconf.c b/servconf.c index d4a48a016..8d56a309b 100644 --- a/servconf.c +++ b/servconf.c
@@ -1,5 +1,5 @@
1		1
2	/* $OpenBSD: servconf.c,v 1.264 2015/04/24 01:36:00 deraadt Exp $ */	2	/* $OpenBSD: servconf.c,v 1.265 2015/04/27 21:42:48 djm Exp $ */
3	/*	3	/*
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved	5	* All rights reserved
@@ -216,7 +216,7 @@ fill_default_server_options(ServerOptions *options)
216	if (options->key_regeneration_time == -1)	216	if (options->key_regeneration_time == -1)
217	options->key_regeneration_time = 3600;	217	options->key_regeneration_time = 3600;
218	if (options->permit_root_login == PERMIT_NOT_SET)	218	if (options->permit_root_login == PERMIT_NOT_SET)
219	options->permit_root_login = PERMIT_YES;	219	options->permit_root_login = PERMIT_NO;
220	if (options->ignore_rhosts == -1)	220	if (options->ignore_rhosts == -1)
221	options->ignore_rhosts = 1;	221	options->ignore_rhosts = 1;
222	if (options->ignore_user_known_hosts == -1)	222	if (options->ignore_user_known_hosts == -1)


diff --git a/sshd_config b/sshd_config index c9042ac3c..cf7d8e1e8 100644 --- a/sshd_config +++ b/sshd_config
@@ -1,4 +1,4 @@
1	# $OpenBSD: sshd_config,v 1.94 2015/02/02 01:57:44 deraadt Exp $	1	# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
2		2
3	# This is the sshd server system-wide configuration file. See	3	# This is the sshd server system-wide configuration file. See
4	# sshd_config(5) for more information.	4	# sshd_config(5) for more information.
@@ -41,7 +41,7 @@
41	# Authentication:	41	# Authentication:
42		42
43	#LoginGraceTime 2m	43	#LoginGraceTime 2m
44	#PermitRootLogin yes	44	#PermitRootLogin no
45	#StrictModes yes	45	#StrictModes yes
46	#MaxAuthTries 6	46	#MaxAuthTries 6
47	#MaxSessions 10	47	#MaxSessions 10


diff --git a/sshd_config.5 b/sshd_config.5 index 2bc9360d0..d3148c2c9 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.196 2015/04/27 21:42:48 djm Exp $
37	.Dd $Mdocdate: April 16 2015 $	37	.Dd $Mdocdate: April 27 2015 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1093,7 +1093,7 @@ The argument must be
1093	or	1093	or
1094	.Dq no .	1094	.Dq no .
1095	The default is	1095	The default is
1096	.Dq yes .	1096	.Dq no .
1097	.Pp	1097	.Pp
1098	If this option is set to	1098	If this option is set to
1099	.Dq without-password ,	1099	.Dq without-password ,