Bug 267170 - security/openssh-portable : PermitRootLogin is set by default to "without-password" instead of "no"
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Bryan Drewery
Reported: 2022-10-18 11:31 UTC by SimpleRezo
Modified: 2022-10-25 15:04 UTC
bugzilla: maintainer-feedback? (bdrewery)


Description SimpleRezo 2022-10-18 11:31:23 UTC
According to pkg-message:

"'PermitRootLogin no' is the default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system.  Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config."

It's wrong: by default PermitRootLogin is set to "prohibit-password" ("without-password" synonym), since... 2015.

# pkg install openssh-portable
[...]
# /usr/local/sbin/sshd -T | grep -i root
permitrootlogin without-password
chrootdirectory none


IMHO, to keep ports/base consistent, sshd_config should be patched to set PermitRootLogin to "no", and a notice in UPDATING added.
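
Added example, not part of the original report: a small shell check that classifies the effective PermitRootLogin value from `sshd -T` output, treating "without-password" as the synonym of "prohibit-password" that the report describes. The function names and the two sample inputs are constructed for illustration; on a live host the input would come from `/usr/local/sbin/sshd -T` as in the report.

```shell
#!/bin/sh
# Added example: audit the effective PermitRootLogin setting.
# Live usage (path taken from the report):
#   /usr/local/sbin/sshd -T | root_login_policy

# Reads `sshd -T` output on stdin and prints the normalized value.
# Exit status: 0 = root login disabled ("no"),
#              1 = any other value (root login possible in some form),
#              2 = keyword not present in the input.
root_login_policy() {
    # sshd -T prints lowercase keywords; lowercase again to be safe.
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
    case "$value" in
        "")
            echo "unknown"
            return 2
            ;;
        without-password)
            # Older spelling of the same setting; report it under one name.
            value="prohibit-password"
            ;;
    esac
    echo "$value"
    [ "$value" = "no" ]
}

# Constructed sample: the two lines shown in the report.
SAMPLE_REPORTED='permitrootlogin without-password
chrootdirectory none'

# Constructed sample: what the pkg-message says the default is.
SAMPLE_DOCUMENTED='permitrootlogin no
chrootdirectory none'

# Hypothetical helper: run the check over an embedded sample string.
audit_sample() {
    printf '%s\n' "$1" | root_login_policy
}

# Demo run over both samples; "|| true" keeps a non-"no" result from
# aborting the script when it is run with `set -e`.
echo "reported:   $(audit_sample "$SAMPLE_REPORTED" || true)"
echo "documented: $(audit_sample "$SAMPLE_DOCUMENTED" || true)"
```
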