[Pkg-shadow-devel] Bug#731656: Please disable securetty by default
Balint Reczey
balint at balintreczey.hu
Thu Jan 19 17:20:17 UTC 2017
Control: tags -1 confirmed
Hi Josh,
On Sat, 07 Dec 2013 15:13:28 -0800 Josh Triplett <josh at joshtriplett.org>
wrote:
> Package: login
> Version: 1:4.1.5.1-1
> Severity: wishlist
>
> securetty dates back to the days when people still logged into systems
> via telnet and rlogin. These days, remote access occurs via SSH, which
> has its own configuration mechanism to determine whether to allow root
> logins (including more flexible approaches such as disallowing root
> logins by password but allowing them by key). And any local TTY should
> be considered a securetty by definition. Thus, I don't think securetty
> has any value anymore as part of the default configuration of login. I
> would suggest removing it by default.
I will look into that in the Buster cycle, this change would be too
intrusive now.
Cheers,
Balint
More information about the Pkg-shadow-devel
mailing list