'PermitRootLogin no' sshd_config default on latest snapshot even though ssh root key specified in install.conf

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

'PermitRootLogin no' sshd_config default on latest snapshot even though ssh root key specified in install.conf

Seth
Today I ran an automated installation using the latest amd64 install58.iso  
media.

A root ssh key was specified in install.conf, and the key is being  
correctly installed in /root/.ssh/authorized_keys.

This method was working fine with the 5.7 release, but apparently 5.8 now  
sets 'PermitRootLogin no' in /etc/ssh/sshd_config even when a root ssh key  
is specified in install.conf.

Looking through the relevant commits over the last few months [1], it  
appears that the setting keeps getting 'twiddled' back and forth.

What's the long term plan for this? My preference is that root ssh pubkey  
logins are allowed on reboot.

[1] http://freshbsd.org/search?project=openbsd&q=permitrootlogin

Reply | Threaded
Open this post in threaded view
|

Re: 'PermitRootLogin no' sshd_config default on latest snapshot even though ssh root key specified in install.conf

Stuart Henderson
On 2015-07-29, Seth <[hidden email]> wrote:

> Today I ran an automated installation using the latest amd64 install58.iso  
> media.
>
> A root ssh key was specified in install.conf, and the key is being  
> correctly installed in /root/.ssh/authorized_keys.
>
> This method was working fine with the 5.7 release, but apparently 5.8 now  
> sets 'PermitRootLogin no' in /etc/ssh/sshd_config even when a root ssh key  
> is specified in install.conf.
>
> Looking through the relevant commits over the last few months [1], it  
> appears that the setting keeps getting 'twiddled' back and forth.
>
> What's the long term plan for this? My preference is that root ssh pubkey  
> logins are allowed on reboot.
>
> [1] http://freshbsd.org/search?project=openbsd&q=permitrootlogin

There's a new question, "Enable sshd(8) logins to root?" which you should
answer in install.conf, it will then use "PermitRootLogin without-password".