Bug 201794 - Warn via Logwatch when sshd PermitRootLogin is in effect
Product: Fedora
Classification: Fedora
Component: openssh
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Tomas Mraz
Brian Brock
Reported: 2006-08-08 17:09 EDT by Don Russell
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-08-09 03:04:56 EDT

Description Don Russell 2006-08-08 17:09:33 EDT
Description of problem:
sshd allows root login by default. (/etc/ssh/sshd_config)
PermitRootLogin yes

When this is the case, I would like a new option to cause a warning in
Logwatch, perhaps:

PermitRootLoginWarn yes

If RootLogin is permitted by default, the warning should be produced by default too.

Then sysadmins may either turn off the warning, or disallow root login. (or get
nagged daily :-) )

Version-Release number of selected component (if applicable):

How reproducible:
not applicable - enhancement request

Steps to Reproduce:
1. not applicable - enhancement request
Actual results:
currently a system has this exposure, and no warnings are produced.

Expected results:
Desired results: a warning in the Logwatch (SSHD section) so an informed
decision is made... yes, allow that; no, turn it off.

Additional info:

For various reasons it seems allowing root access by default is desirable...
that's fine.... I'm not asking to change the default. But it would be beneficial
to bring that little gem to sysadmins' attention by including a warning in the
Logwatch report.

I would like to see something in my Logwatch report (SSHD section) like:
Warning: root access is allowed via ssh. Ref /etc/ssh/sshd_config

Then obviously the proper action can be taken:
1 - turn off the warning (yes, I know, I want that)
2 - deny root logon (say what?! Thanks for telling me, I'll stop that right now)
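
The check this request describes, as an added shell example (not code from the report, OpenSSH or Logwatch): it reads the global PermitRootLogin value from an sshd_config file and prints a warning line modelled on the one proposed above. The function names, the `DEFAULT_ROOT_LOGIN` variable and the sample config are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the bug report or of OpenSSH/Logwatch.

# Value assumed when the keyword is absent. "yes" is the default this report
# describes; newer OpenSSH releases default to prohibit-password.
DEFAULT_ROOT_LOGIN=${DEFAULT_ROOT_LOGIN:-yes}

# Print the global PermitRootLogin value from config file $1.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match keyword are conditional,
# so the scan stops at the first Match.
root_login_setting() {
    awk -v def="$DEFAULT_ROOT_LOGIN" '
        { sub(/#.*/, "") }                 # strip comment text
        NF == 0 { next }                   # skip blank lines
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" && NF >= 2 { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Print the warning line proposed in the report unless the setting is "no".
# Returns 0 if it warned, 1 if root login is denied, 2 if $1 is unreadable.
root_login_warning() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    setting=$(root_login_setting "$1")
    [ "$setting" = no ] && return 1
    echo "Warning: root access is allowed via ssh (PermitRootLogin $setting). Ref $1"
}

# Constructed sample config: the commented-out line must be ignored and the
# first active PermitRootLogin line wins over the later one.
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' '#PermitRootLogin no' 'Port 22' \
        'permitrootlogin without-password' 'PermitRootLogin no' > "$cfg"
    root_login_warning "$cfg"
    rm -f "$cfg"
}
demo
```

On a live host, `sshd -T` prints the effective configuration as the daemon resolves it, which a scan of one file cannot fully reproduce.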

Comment 1 Tomas Mraz 2006-08-09 03:04:56 EDT
1. This feature is nice to have; however, I don't think this is a feature we must
have, otherwise we are not secure enough, or that this functionality is really
required for ssh to work properly.

2. We try to keep as close to upstream as possible.

Given 1. and 2., could you please report this enhancement request to upstream?

Also there is no need for another configuration option as there could be another
value 'warn' for the existing PermitRootLogin option which would be assigned by

Comment 2 Don Russell 2006-08-09 12:40:02 EDT
Bug/rfe created upstream...
Ref. http://bugzilla.mindrot.org/show_bug.cgi?id=1216

