Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Default install of sshd allows root login|
|Product:||[Retired] Red Hat Linux||Reporter:||Darren Gamble <darren.gamble>|
|Component:||openssh||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED DUPLICATE||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-10-24 03:41:00 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Darren Gamble 2003-06-09 17:30:08 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130 Description of problem: The default sshd_config file included in the package allows the root user to log in ("PermitRootLogin" is not "no"). Version-Release number of selected component (if applicable): openssh-server-3.5p1-6 How reproducible: Always Steps to Reproduce: 1. Attempt to ssh in as root to a machine with a default sshd install Actual Results: The login is accepted. Expected Results: The login should have been denied. Additional info: This appears to also have been the case with various versions of Red Hat in the past. It can be debated whether this actually a bug or not, but for a product that's supposedly secure out of the box, a root ssh login really should be disabled by default.
Comment 1 Peter van Egdom 2003-06-10 16:29:19 EDT
This is a duplicate bug report. See Red Hat Bugzilla Bug 89216.
Comment 2 Mark J. Cox (Product Security) 2003-06-11 04:06:07 EDT
*** This bug has been marked as a duplicate of 81296 ***
Comment 3 Darren Gamble 2003-06-11 11:03:20 EDT
Bug# 81296 has nothing to do with this problem. Perhaps you meant to mark that bug as a duplicate of bug# 89527?