On Fri, Oct 13, 2017 at 05:51:49PM +0200, Walter Alejandro Iglesias wrote: > In article <20171013145400.GA82524@harkle> Jason McIntyre > <[email protected]> wrote: > > On Fri, Oct 13, 2017 at 02:01:17PM +0100, Stuart Henderson wrote: > > > On 2017/10/13 12:57, Walter Alejandro Iglesias wrote: > > > > In sshd_config(5), to avoid confusion with PermitRootLogin options. > > > > > > > > Original: > > > > > > > > If this option is set to *prohibit-password* or *without-password*, > > > > password and keyboard-interactive authentication are disabled for > > > > root. > > > > > > > > Proposed: > > > > > > > > If this option is set to *prohibit-password* (renamed from > > > > *without-password* to avoid ambiguity, both valid) only non > > > > keyboard-interactive authentication (public-key, hostbased and GSSAPI) > > > > is allowed for root. > > > > > > How about a briefer alternative that points people towards the > > > more self-explanatory option keyword? > > > > > > Index: sshd_config.5 > > > =================================================================== > > > RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v > > > retrieving revision 1.254 > > > diff -u -p -r1.254 sshd_config.5 > > > --- sshd_config.5 9 Oct 2017 20:12:51 -0000 1.254 > > > +++ sshd_config.5 13 Oct 2017 12:59:14 -0000 > > > @@ -1198,10 +1198,11 @@ The default is > > > .Cm prohibit-password . > > > .Pp > > > If this option is set to > > > -.Cm prohibit-password > > > -or > > > -.Cm without-password , > > > +.Cm prohibit-password , > > > password and keyboard-interactive authentication are disabled for root. > > > +.Cm without-password > > > +is a deprecated alias for > > > +.Cm prohibit-password . > > > .Pp > > > If this option is set to > > > .Cm forced-commands-only , > > > > > > > i agree that we should not try to list all the other types that are > > valid, since it means one more thing to remember when things change. > > and means adding more text. > > > > i'm fine with your diff, but couldn;t resist having a stab myself: > > The first paragraph is the more important. I like this version. > >
i just committed it. thanks for your mail. jmc
