Red Hat Bugzilla – Bug 201794
Warn via Logwatch when sshd PermitRootLogin is in effect
Last modified: 2007-11-30 17:11:39 EST
Description of problem:
sshd allows root login by default. (/etc/ssh/sshd_config)
When this is the case, I would like a new option to cause a warning that
If RootLogin is permitted by default, thewarning shuld be produced by default too.
Then sysadmins may either turn off the warning, or disallow root login. (or get
nagged daily :-) )
Version-Release number of selected component (if applicable):
not applicable - enhancement request
Steps to Reproduce:
1. not applicable - enhancement request
currently a system has this exposure, and no warnings are produced.
Desired results: a warning in the Logwatch (SSHD section) so an informed
decision is made... yes, allow that; no, turn it off.
For various reasons it seems allowing root acess by default is desirable...
that's fine.... I'm not asking to change the default. But it would be beneficial
to bring that little gem to sysadmins' attention by including a warning in the
I would like to see something in my Logwatch report (SSHD section) like:
Warning: root access is allowed via ssh. Ref /etc/ssh/sshd_config
Then obviously the proper action can be taken:
1 - turn off the warning (yes, I know, I want that)
2 - deny root logon (say what?! Thanks for telling me, I'll stop that right now)
1. This feature is nice to have however I don't think this is a feature we must
have otherwise we are not enough secure or that this functionality is really
required for ssh to work properly.
2. We try to keep as close to upstream as possible.
Given 1. and 2., could you please report this enhancement request to upstream
Also there is no need for another configuration option as there could be another
value 'warn' for the existing PermitRootLogin option which would be assigned by
Bug/rfe created upstream...