Description of problem: sshd allows root login by default. (/etc/ssh/sshd_config) PermitRootLogin yes When this is the case, I would like a new option to cause a warning that Logwatch, perhaps: PermitRootLoginWarn yes If RootLogin is permitted by default, thewarning shuld be produced by default too. Then sysadmins may either turn off the warning, or disallow root login. (or get nagged daily :-) ) Version-Release number of selected component (if applicable): 4.3p2-4 How reproducible: not applicable - enhancement request Steps to Reproduce: 1. not applicable - enhancement request 2. 3. Actual results: currently a system has this exposure, and no warnings are produced. Expected results: Desired results: a warning in the Logwatch (SSHD section) so an informed decision is made... yes, allow that; no, turn it off. Additional info: For various reasons it seems allowing root acess by default is desirable... that's fine.... I'm not asking to change the default. But it would be beneficial to bring that little gem to sysadmins' attention by including a warning in the Logwatch report. I would like to see something in my Logwatch report (SSHD section) like: Warning: root access is allowed via ssh. Ref /etc/ssh/sshd_config Then obviously the proper action can be taken: 1 - turn off the warning (yes, I know, I want that) 2 - deny root logon (say what?! Thanks for telling me, I'll stop that right now) :-)
1. This feature is nice to have however I don't think this is a feature we must have otherwise we are not enough secure or that this functionality is really required for ssh to work properly. 2. We try to keep as close to upstream as possible. Given 1. and 2., could you please report this enhancement request to upstream bugzilla.mindrot.org. Also there is no need for another configuration option as there could be another value 'warn' for the existing PermitRootLogin option which would be assigned by default.
Bug/rfe created upstream... Ref. http://bugzilla.mindrot.org/show_bug.cgi?id=1216 Thanks