閱讀文章 - 看板 DFBSD_commit

發信人Matthew Dillon <dillon@crater.dragonflybsd.org>,

看板DFBSD_commit

標題git: SSHD - Change default security

發信站(null) (Sun Nov 15 18:39:04 2009)

轉信站ptt!crater_reader.dragonflybsd.org!crater.dragonflybsd.org!127.0.0.1.M

commit 85088528028b88399264dd4c006aeff001bbeb6b Author: Matthew Dillon <dillon@apollo.backplane.com> Date: Sun Nov 15 10:33:06 2009 -0800 SSHD - Change default security This only effects fresh installs. * Allow root logins via public key only (previously: root logins not allowed at all via ssh). I've done this for years, it allows an authorized_keys file in ~root/.ssh to work without having to adjust /etc/ssh/sshd_config on every install. * Do not allow any login, root or otherwise, via tunneled plaintext password (previously: non-root logins were allowed via plaintext password). Often people want plaintext passwords on e.g. workstations for xdm or console logins, but do not want to allow their use over networked connections. Since tunneled plaintext passwords are not considered very secure and alternatives exist (aka public key logins) we now disallow them by default. Summary of changes: crypto/openssh/sshd_config | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/85088528028b88399264dd4c006aeff001bbeb6b -- DragonFly BSD source repository