diff options
Diffstat (limited to 'debian/openssh-server.templates')
| -rw-r--r-- | debian/openssh-server.templates | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates new file mode 100644 index 000000000..1bc8a3308 --- /dev/null +++ b/debian/openssh-server.templates | |||
| @@ -0,0 +1,15 @@ | |||
| 1 | Template: openssh-server/permit-root-login | ||
| 2 | Type: boolean | ||
| 3 | Default: false | ||
| 4 | _Description: Disable SSH password authentication for root? | ||
| 5 | Previous versions of openssh-server permitted logging in as root over SSH | ||
| 6 | using password authentication. The default for new installations is now | ||
| 7 | "PermitRootLogin prohibit-password", which disables password authentication | ||
| 8 | for root without breaking systems that have explicitly configured SSH | ||
| 9 | public key authentication for root. | ||
| 10 | . | ||
| 11 | This change makes systems more secure against brute-force password | ||
| 12 | dictionary attacks on the root user (a very common target for such | ||
| 13 | attacks). However, it may break systems that are set up with the | ||
| 14 | expectation of being able to SSH as root using password authentication. You | ||
| 15 | should only make this change if you do not need to do that. | ||