[BlueOnyx:17147] Re: Two small 5208R bugs - fixed

[Dogsbody]

> I just published a fix for this for 5207R, 5208R and 5209R.
> Here is how it works - just to make sure everyone understands it:

Michael,

I'm not actually sure what has changed as I rather assumed all of the 
above worked like that anyway.

This however reduces security from our old 5108R boxes!

We cannot turn off Password Authentication as users login via SSH.  We 
don't want *anyone* logging in as root with a (80 bit) password even if 
they have the right one but we do want root to be able to login with a 
(4096 bit) private key.

This is exactly what "PermitRootLogin without-password" allows us to do.

Please correct me if I have misunderstood but currently under 5208R we 
now have to chose between having the root account open (albeit hopefully 
with a strong password) or locking down *all* accounts to use public key?

Regards, Dan