[Bug 1887016] Re: Openssh default config has two PasswordAuthentication params
Rulon Oboev
1887016 at bugs.launchpad.net
Fri Jul 10 03:09:44 UTC 2020
I've made clean installation on my desktop from .iso downloaded from
ubuntu.com (also re-checked on virtualbox). No additional packages or
updates were installed.
Ubuntu Desktop config is OK though.
Maybe the problem is not in openssh package, but in some postinstall or
cloudinit scripts, that change the config file after OS installation?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1887016
Title:
Openssh default config has two PasswordAuthentication params
Status in openssh package in Ubuntu:
Incomplete
Bug description:
In Ubuntu server 20.04 the /etc/ssh/sshd_config file has an additional
`PasswordAuthentication yes` string in the end.
It can lead to security problems, because there's already one string
`# PasswordAuthentication yes` in the beginning of the file. It is
supposed to be uncommented if it's needed to change the default value.
But if the user uncomments this string and set in to "no", it will be
overriden by the last line of config.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1887016/+subscriptions
More information about the foundations-bugs
mailing list