Defaults changed for OpenSSH config in Kubuntu 14.04 Trusty Tahr

I rebuilt a box this morning, and when I installed openssh-server, I found a different option set as default in the config file–one that I believe is less secure.

Where previously the default Authentication section looked like this:


# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

The default now looks like this:


# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

And I have, of course, set the switch to “no”.

I don’t personally allow root logins of any kind on any of my personal servers, and I do like that the default has been made more secure. It’s different, however, and my eyes might have scanned right over this switch if I didn’t have a list of things I change for security reasons each time I build a box. Caveat emptor.
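A check like the one described above can be scripted so a changed default is not missed on a rebuild. This is an added example, not part of the original post; the function names are hypothetical, and it reads only the global section of a single file (no Include files, no Match blocks, no quoted values).

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value in an sshd_config file.

# effective_root_login FILE
# Prints the first global PermitRootLogin value, lowercased (sshd uses the
# first value it obtains for a keyword), or "unset" if the directive is absent.
effective_root_login() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }    # drop comments, allow key=value
        tolower($1) == "match" { exit }      # global section ends at first Match
        tolower($1) == "permitrootlogin" {   # keywords are case-insensitive
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_disabled FILE
# Exit status 0 only when the effective value is exactly "no".
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample input: the Authentication section quoted in the post,
# once with each default and once with the author's own setting.
tmp=$(mktemp -d)
for v in yes without-password no; do
    printf '# Authentication:\nLoginGraceTime 120\nPermitRootLogin %s\nStrictModes yes\n' \
        "$v" > "$tmp/$v"
    if root_login_disabled "$tmp/$v"; then s=OK; else s=REVIEW; fi
    printf '%-18s %s\n' "$(effective_root_login "$tmp/$v")" "$s"
done
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the configuration as sshd itself resolves it, which also covers the cases this file-level check skips.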
