| Summary: | [FR] group wheel with PasswordAuthentication disabled by default | | |
|---|---|---|---|
| Product: | Sisyphus | Reporter: | Ivan Zakharyaschev <imz> |
| Component: | openssh-server | Assignee: | Gleb F-Malinovskiy <glebfm> |
| Status: | CLOSED FIXED | QA Contact: | qa-sisyphus |
| Severity: | enhancement | | |
| Priority: | P2 | CC: | aen, asy, cas, glebfm, ldv, mike, vitty, vt |
| Version: | unstable | | |
| Hardware: | all | | |
| OS: | Linux | | |

(In reply to comment #0)
> I suggest a more secure default configuration for consideration:

I object to this being a default, and strongly object to changing such a default without prior public debate.

> If it is decided that this configuration is not appropriate as a default, it
> could still be exposed in comments

Definitely.

> or as an option in the default configuration
> tool (alterator?) in order to be of some use.

control(8) I believe.

openssh-5.3p1-alt2 -> sisyphus:

    * Wed Jun 23 2010 Dmitry V. Levin <ldv@altlinux> 5.3p1-alt2
    - Enabled sftp by default.
    - /etc/pam.d/sshd: Changed to use common-login.
    - sshd_config: Disabled PasswordAuthentication for "wheel" group members (imz@; closes: #17286).

Hm... What about another way?
https://bugzilla.altlinux.org/show_bug.cgi?id=11669

Created attachment 2943
sshd_config-wheel-without-password.diff

openssh-server-4.7p1-alt1

I suggest a more secure default configuration for consideration:

    Match Group wheel
        PasswordAuthentication no

It continues the logic of the default "PermitRootLogin without-password": it disables the login with password for group wheel.

The drawback is that it might irritate some users who are in the group wheel, if their systems are not exposed to the corresponding dangers (of guessing the password for known usernames by intruders).

If it is decided that this configuration is not appropriate as a default, it could still be exposed in comments or as an option in the default configuration tool (alterator?) in order to be of some use.
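
One way to check that the `Match Group wheel` block proposed above actually takes effect for every listed member of the group, using sshd's extended test mode (`sshd -T -C`). This is an added example, not part of the bug report or the openssh-server package; the function names, the `SSHD` override variable and the `host`/`addr` values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report members of a group for whom sshd would still
# accept password logins. Function names and $SSHD are hypothetical.

# Print the members listed in field 4 of the group's entry, one per line.
# Users who have the group only as their primary GID in /etc/passwd are
# not listed there and are not covered by this check.
group_members() {   # $1 = group name, $2 = group file (e.g. /etc/group)
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$2"
}

# Ask sshd which PasswordAuthentication value it resolves for this user.
# -T dumps the effective configuration; -C supplies the connection
# parameters that Match blocks are evaluated against (host and addr are
# placeholder values here).
effective_password_auth() {   # $1 = user name
    "${SSHD:-/usr/sbin/sshd}" -T -C "user=$1,host=localhost,addr=127.0.0.1" |
        awk '$1 == "passwordauthentication" { print $2 }'
}

# List every member whose effective value is not "no".
# Returns 0 when all members are password-disabled, 1 otherwise.
audit_group() {   # $1 = group name, $2 = group file
    bad=0
    for u in $(group_members "$1" "$2"); do
        v=$(effective_password_auth "$u")
        if [ "$v" != "no" ]; then
            echo "$u: passwordauthentication=${v:-unknown}"
            bad=1
        fi
    done
    return "$bad"
}

# Run the audit only when asked to: sh script.sh --audit [group] [group-file]
if [ "${1:-}" = "--audit" ]; then
    audit_group "${2:-wheel}" "${3:-/etc/group}"
fi
```

`sshd -T` normally has to be run as root because it loads the host keys while parsing the configuration.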