openssh on Gentoo is by default installed using PermitRootLogin yes, which is the default for the openssh server. This can be a serious problem, if people go handing out their root-passwords on IRC to have others fix problems for them, and are not aware of the dangers. I think it would be best to have this setting disabled globally, and to print an informative message after installation of openssh has completed, that the user must set it to on explicitly if he/she wishes to do so. Most distributions I know (apart from Gentoo) come bundled with this set to no.

Reproducible: Always

Steps to Reproduce:
1. emerge openssh

Actual Results:
/etc/ssh/sshd_config contains default lines:
    # PermitRootLogin yes

Expected Results:
IMO it should have installed with PermitRootLogin no
Created attachment 25388: New build file which includes patch, unless allowrootlogin is set in USE flags.
Created attachment 25389: Diff to openssh build directory to incorporate patch to distributed sshd_config
Additional feature request: Set Protocol 2 by default, so that protocol 1 logins are disallowed. This patch could come in a similar fashion as the one to which I have created the attachments.
Instead of disabling only the root account, I would prefer something like AllowUsers foobar. This also prevents logins as one of the many system accounts (if one isn't created right).
I don't think this is a good idea at all. I often build machines remotely using ssh and I don't always add an account for myself (ie: they aren't my machines). If I can't ssh in after the install to finish setting up the machine I'm going to be pretty pissed off. If someone goes and tells their root password on irc and gets hacked then too bad, it isn't our responsibility. Furthermore, it's purely a preference issue and I'd wager that many more prefer it on than off.
i agree with method that we should leave root access enabled. but i think we should consider what is said in comment #3: protocol 2 only by default. discussion? also, the gentoo security guide <http://www.gentoo.org/doc/en/gentoo-security.xml> shows a sample sshd_config in code listing 11.3, which has root login turned off and protocol 2 only. but there is no real explanation of what was changed from the default. some text should be added to the doc to explain the changes. maybe also encourage users to read that doc at the end of the install handbook.
I'd offer to write the text for the gentoo-security manual, if there is interest. I'd be very happy to make a great distribution even better, by giving, at least in writing, sensible defaults for most of the settings (tcp-wrappers, ssh, etc.). If there's interest, I'll write something up.
I have nothing valuable to add to this other than to say don't give out your root password over IRC (It's a plain text protocol!!). I'll add the docs-team@ to this bug so they can see your interest in working on that document. Somebody there should be able to help facilitate a commit of any diffs you may have to the existing xml document.
i'd be for the disabling protocol 1 by default ... any qualms with that method ?
not at all.. ssh1 is old and has issues anyway, I'm not even sure under what circumstances one might need it (really old ssh clients on unsupported platforms?) the security guide might also benefit with a blurb on the beauty of key based authentication (if it doesn't already have one).. That'd be nice to tell users about
added a dosed to enable this by default, thanks all
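An added example, not part of the bug thread or the ebuild: a small auditor that resolves what an sshd_config actually sets for the three keywords debated above (PermitRootLogin, Protocol, AllowUsers), treating a commented line such as "# PermitRootLogin yes" as unset so the built-in default applies. The DEFAULTS table and both sample configs are assumptions constructed for illustration, reflecting the defaults described in this thread rather than any particular OpenSSH release.

```python
# Added example, not from the bug thread. DEFAULTS are assumptions matching the
# era discussed here: root login allowed, protocol 1 accepted, no AllowUsers.
DEFAULTS = {"permitrootlogin": "yes", "protocol": "2,1", "allowusers": []}

# Constructed sample: stock file where the settings exist only as comments.
STOCK = "# Protocol 2,1\n# PermitRootLogin yes\nPasswordAuthentication yes\n"
# Constructed sample: the three changes proposed in the comments.
HARDENED = "Protocol 2\nPermitRootLogin no\nAllowUsers foobar\n"


def effective_settings(config_text):
    """Resolve the global values of the three keywords discussed in the bug."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented keyword sets nothing: the default applies
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":
            break  # lines after a Match block are conditional, not global
        if key == "allowusers":
            seen.setdefault(key, []).extend(args)  # repeated lines accumulate
        elif key in DEFAULTS and key not in seen and args:
            seen[key] = args[0].lower()  # first occurrence wins
    return {k: seen.get(k, v) for k, v in DEFAULTS.items()}


def audit(config_text):
    """Return one finding per setting that is still at the permissive value."""
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root may log in directly")
    if "1" in s["protocol"].split(","):
        findings.append("Protocol includes 1: protocol 1 logins are accepted")
    if not s["allowusers"]:
        findings.append("no AllowUsers: logins are not limited to named accounts")
    return findings


if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

On a live host, the output of `sshd -T` gives the server's own view of the effective configuration and is the authoritative check.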
*** Bug 42506 has been marked as a duplicate of this bug. ***
*** Bug 57348 has been marked as a duplicate of this bug. ***
*** Bug 66488 has been marked as a duplicate of this bug. ***
*** Bug 76363 has been marked as a duplicate of this bug. ***