On Fri, Oct 13, 2017 at 02:01:17PM +0100, Stuart Henderson wrote: > On 2017/10/13 12:57, Walter Alejandro Iglesias wrote: > > In sshd_config(5), to avoid confusion with PermitRootLogin options. > > > > Original: > > > > If this option is set to *prohibit-password* or *without-password*, > > password and keyboard-interactive authentication are disabled for > > root. > > > > Proposed: > > > > If this option is set to *prohibit-password* (renamed from > > *without-password* to avoid ambiguity, both valid) only non > > keyboard-interactive authentication (public-key, hostbased and GSSAPI) > > is allowed for root. > > How about a briefer alternative that points people towards the > more self-explanatory option keyword? > > Index: sshd_config.5 > =================================================================== > RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v > retrieving revision 1.254 > diff -u -p -r1.254 sshd_config.5 > --- sshd_config.5 9 Oct 2017 20:12:51 -0000 1.254 > +++ sshd_config.5 13 Oct 2017 12:59:14 -0000 > @@ -1198,10 +1198,11 @@ The default is > .Cm prohibit-password . > .Pp > If this option is set to > -.Cm prohibit-password > -or > -.Cm without-password , > +.Cm prohibit-password , > password and keyboard-interactive authentication are disabled for root. > +.Cm without-password > +is a deprecated alias for > +.Cm prohibit-password . > .Pp > If this option is set to > .Cm forced-commands-only , >
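Review bot: The "The argument must be" list just above this hunk (around line 1190 of revision 1.254) is not touched, so it would still present without-password as an ordinary value next to prohibit-password while the sentence added here calls it a deprecated alias. Either drop it from that list in the same change or mark it there as well, so the two passages agree. The alias sentence also comes after the description of the effect, so someone who finds without-password in an existing config has to read back one sentence to learn that it disables password and keyboard-interactive authentication for root; moving the alias note directly after the first mention of prohibit-password would avoid that.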
i agree that we should not try to list all the other types that are valid, since it means one more thing to remember when things change. and means adding more text. i'm fine with your diff, but couldn't resist having a stab myself: Index: sshd_config.5 =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.254 diff -u -r1.254 sshd_config.5 --- sshd_config.5 9 Oct 2017 20:12:51 -0000 1.254 +++ sshd_config.5 13 Oct 2017 14:52:03 -0000 @@ -1190,7 +1190,6 @@ The argument must be .Cm yes , .Cm prohibit-password , -.Cm without-password , .Cm forced-commands-only , or .Cm no . @@ -1199,8 +1198,8 @@ .Pp If this option is set to .Cm prohibit-password -or -.Cm without-password , +(or its deprecated alias, +.Cm without-password ) , password and keyboard-interactive authentication are disabled for root. .Pp If this option is set to
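Review bot: In the first hunk (@@ -1190,7), removing without-password from the "The argument must be" list means that list no longer covers every keyword the page itself still describes, and the only remaining mention is the parenthetical added in the second hunk. That is reasonable for steering readers to prohibit-password, but the two hunks have to be committed together; applied alone, the first hunk would leave the argument list and the paragraph below it listing different sets of values. It would also help to confirm no other part of the page refers back to the argument list as the complete set of accepted values.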
