On Sun, 20 Sep 2015, Randall Baran wrote: > I recently made an internet gateway by installing two NICs into a > computer and installing OpenBSD. I used the default installation which > was easy to do and works very well. The problem is that I was able to > log on the machine as root remotely from the internet side using puTTY. > I do not feel very secure knowing that my root password is the only > thing* standing in the way of some hacker having his/her way with my > machine. I would like to suggest that this feature be turned off in the > default install in future versions of OpenBSD.
The default for PermitRootLogin was changed to prohibit-password back in July. Philip Guenther
