From owner-freebsd-stable  Fri Oct  5 16:14:12 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from wattres.Watt.COM (wattres.watt.com [205.178.120.6])
	by hub.freebsd.org (Postfix) with ESMTP id B566037B405
	for <stable@freebsd.org>; Fri,  5 Oct 2001 16:14:10 -0700 (PDT)
Received: (from steve@localhost)
	by wattres.Watt.COM (8.11.6/8.11.6) id f95NEAt79407
	for stable@freebsd.org; Fri, 5 Oct 2001 16:14:10 -0700 (PDT)
	(envelope-from steve)
Message-Id: <200110052314.f95NEAt79407@wattres.Watt.COM>
X-Newsgroups: local.freebsd-stable
In-Reply-To: <200110052155.f95Ltfa85481@earth.backplane.com>
References: <5.1.0.14.0.20011005120304.009f8590@127.0.0.1> <200110052040.f95KeTw84982@earth.backplane.com> <20011005165350.A22343@techsquare.com> <200110052058.f95KwSR85154@earth.backplane.com> <20011005170619.A42459@techsquare.com>
Organization: Watt Consultants, San Jose, CA, USA
From: steve@Watt.COM (Steve Watt)
Date: Fri, 5 Oct 2001 16:14:10 -0700
X-Mailer: Mail User's Shell (7.2.6 beta(5) 10/07/98)
To: stable@freebsd.org
Subject: Re: Why sshd:PermitRootLogin = no ?
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

dillon@earth.backplane.com wrote:
>    I'm afraid I don't understand your point.  If without-password
>    makes sshd useful to a larger subsection of users without effecting
>    security on the original subsection, why wouldn't you want to make
>    the change?  Just because it may not make a difference for YOU doesn't
>    mean that it wouldn't be a useful change to make.

But it *can't* make it useful to any more users.  How do you get the
authorized-hosts file updated?  You edit it.  How do you get the
configuration changed to without-password from none?  You edit it.

Same work, no obvious advantage to without-password over no, and better
obvservance of "install in the most secure way possible".  Just like
the discard port is disabled in inetd.conf -- same concept.

-- 
Steve Watt KD6GGD  PP-ASEL-IA          ICBM: 121W 56' 57.8" / 37N 20' 14.9"
 Internet: steve @ Watt.COM                         Whois: SW32
   Free time?  There's no such thing.  It just comes in varying prices...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message