diff options
Diffstat (limited to 'debian/openssh-server.templates')
-rw-r--r-- | debian/openssh-server.templates | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates new file mode 100644 index 000000000..e071fe3b8 --- /dev/null +++ b/debian/openssh-server.templates | |||
@@ -0,0 +1,23 @@ | |||
1 | Template: openssh-server/permit-root-login | ||
2 | Type: boolean | ||
3 | Default: true | ||
4 | _Description: Disable SSH password authentication for root? | ||
5 | Previous versions of openssh-server permitted logging in as root over SSH | ||
6 | using password authentication. The default for new installations is now | ||
7 | "PermitRootLogin prohibit-password", which disables password authentication | ||
8 | for root without breaking systems that have explicitly configured SSH | ||
9 | public key authentication for root. | ||
10 | . | ||
11 | This change makes systems more secure against brute-force password | ||
12 | dictionary attacks on the root user (a very common target for such | ||
13 | attacks). However, it may break systems that are set up with the | ||
14 | expectation of being able to SSH as root using password authentication. You | ||
15 | should only make this change if you do not need to do that. | ||
16 | |||
17 | Template: openssh-server/password-authentication | ||
18 | Type: boolean | ||
19 | Default: true | ||
20 | Description: Allow password authentication? | ||
21 | By default, the SSH server will allow authenticating using a password. | ||
22 | You may want to change this if all users on this system authenticate using | ||
23 | a stronger authentication method, such as public keys. | ||