
Defaults changed for OpenSSH config in Kubuntu 14.04 Trusty Tahr

I rebuilt a box this morning, and when I installed openssh-server, I found a different option set as default in the config file, one that I believe is less secure.

Where previously, the default Authentication section looked like this:


# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

The default now looks like this:


# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

And I have, of course, set the switch to “no”.

I don’t personally allow root logins of any kind on any of my personal servers, and I do like that the default has been made more secure. It’s different, however, and my eyes might have scanned right over this switch if I didn’t have a list of things I change for security reasons each time I build a box. Caveat emptor.
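A per-build checklist item like this one can be automated. The following is an added example, not part of the original post: it reads sshd_config text and reports every scope where PermitRootLogin is anything other than "no". The function names and the sample text are assumptions made for illustration, and Include directives are not followed.

```python
import re

# "without-password" is the older spelling of "prohibit-password" in sshd.
ALIASES = {"without-password": "prohibit-password"}


def root_login_settings(config_text):
    """Map each scope ("global" or "Match ...") to its PermitRootLogin value.

    Follows sshd_config rules: keywords are case-insensitive, "Keyword=value"
    is accepted, the first value seen in a scope wins, and lines after a
    Match line belong to that block until the next Match line.
    """
    settings = {}
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        rest = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            scope = "Match " + " ".join(rest.split())
        elif keyword == "permitrootlogin" and rest and scope not in settings:
            value = rest.split()[0].strip('"').lower()
            settings[scope] = ALIASES.get(value, value)
    return settings


def audit_root_login(config_text):
    """Return one finding per scope where root login is not fully off."""
    settings = root_login_settings(config_text)
    findings = []
    if "global" not in settings:
        findings.append("global: PermitRootLogin unset, sshd's built-in default applies")
    for scope, value in settings.items():
        if value != "no":
            findings.append(f"{scope}: PermitRootLogin {value}")
    return findings


# Constructed sample: the newer default section quoted in the post.
NEW_DEFAULT = """\
# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
"""
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself parses it and is the authoritative cross-check.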