# HG changeset patch # Parent af43d436bc7fe818dd976c923ad99b89051eb299 Allow root login with password by default. While less secure than upstream default of forbidding access to the root account with a password, we are temporarily introducing this change to keep the default used in older OpenSSH versions shipped with SLE. Index: openssh-8.4p1/servconf.c =================================================================== --- openssh-8.4p1.orig/servconf.c +++ openssh-8.4p1/servconf.c @@ -329,7 +329,7 @@ fill_default_server_options(ServerOption if (options->login_grace_time == -1) options->login_grace_time = 120; if (options->permit_root_login == PERMIT_NOT_SET) - options->permit_root_login = PERMIT_NO_PASSWD; + options->permit_root_login = PERMIT_YES; if (options->ignore_rhosts == -1) options->ignore_rhosts = 1; if (options->ignore_user_known_hosts == -1) Index: openssh-8.4p1/sshd_config =================================================================== --- openssh-8.4p1.orig/sshd_config +++ openssh-8.4p1/sshd_config @@ -29,7 +29,7 @@ # Authentication: #LoginGraceTime 2m -#PermitRootLogin prohibit-password +PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 Index: openssh-8.4p1/sshd_config.0 =================================================================== --- openssh-8.4p1.orig/sshd_config.0 +++ openssh-8.4p1/sshd_config.0 @@ -778,7 +778,7 @@ DESCRIPTION PermitRootLogin Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password, forced-commands-only, or no. The - default is prohibit-password. + default is yes. If this option is set to prohibit-password (or its deprecated alias, without-password), password and keyboard-interactive Index: openssh-8.4p1/sshd_config.5 =================================================================== --- openssh-8.4p1.orig/sshd_config.5 +++ openssh-8.4p1/sshd_config.5 @@ -1331,7 +1331,7 @@ The argument must be or .Cm no . The default is -.Cm prohibit-password . +.Cm yes . .Pp If this option is set to .Cm prohibit-password