[Bug 510732] Re: OpenSSH server sshd_config PermitRootLogin -> NO

[Lars Noodén]

Jamie, the various backup strategies that I have seen are all suited to
using sudo.  They all run a program or script which receives some
arguments at run time.  That includes rsync over ssh.  Could you please
be specific about which backup strategy is not able to work with sudo?

Kees, yes, I see that it is not an new issue.  However, there is no need
to rationalize legacy settings.  The closest to a real choice is between
a small up front investment in knowledge or documentation about sudo
versus a larger mess later on.   In that way, the assertion of security
XOR usability,  appears to be a false dichotomy.

Colin, this bug report is for Ubuntu, not Debian, OpenSSH portable team,
or OpenBSD.  The object is to address the relative weakness of Ubuntu
servers in regards to bruteforce attacks against root accounts.  Since
upstream is mentioned, you probably have direct experience there.  I
would remind then that OpenSSH is developed as part of OpenBSD and that
when installing OpenBSD, the default there during the basic installation
is if a regular user is added is to turn off remote root login.  So one
compromise would be to add the same option to the Ubuntu server
installation script.

Most sub-distros do not have openssh-server by default, so this bug does
not affect them, only AFAIK the Ubuntu server.

-- 
OpenSSH server sshd_config PermitRootLogin -> NO
https://bugs.launchpad.net/bugs/510732
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.