0

I'm trying to set up a non-interactive upgrade (Wheezy to Jessie). I get a prompt to disable root login over ssh, and I want to answer "no". Can I preseed that using debconf-set-selection?

How can I find out what the conf selection is called? I tried using debconf-get-selection and I guess the following four selections are set:

root@beaglebone:~# debconf-get-selections | grep ssh
openssh-server  ssh/use_old_init_script boolean true
openssh-server  ssh/vulnerable_host_keys    note    
openssh-server  ssh/disable_cr_auth boolean false
openssh-server  ssh/encrypted_host_key_but_no_keygen    note

Are there others available for openssh-server? How do I find out what they are?

jmilloy
  • 193
  • 1
  • 3
  • 11

1 Answers1

1

Ah, finally found full preseed lists here

############################
#### openssh-server_6.7p1-5+deb8u4_amd64.deb
############################

### Description: Disable SSH password authentication for root?
#   Previous versions of openssh-server permitted logging in as root over SSH
#   using password authentication. The default for new installations is now
#   "PermitRootLogin without-password", which disables password authentication
#   for root without breaking systems that have explicitly configured SSH
#   public key authentication for root.
#   .
#   This change makes systems more secure against brute-force password
#   dictionary attacks on the root user (a very common target for such
#   attacks). However, it may break systems that are set up with the
#   expectation of being able to SSH as root using password authentication. You
#   should only make this change if you do not need to do that.
# d-i openssh-server/permit-root-login boolean false
jmilloy
  • 193
  • 1
  • 3
  • 11