From f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0 Mon Sep 17 00:00:00 2001
From: "deraadt@openbsd.org" <deraadt@openbsd.org>
Date: Thu, 30 Jul 2015 19:23:02 +0000
Subject: [PATCH] upstream commit

change default: PermitRootLogin without-password matching
 install script changes coming as well ok djm markus

Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
---
 servconf.c    | 4 ++--
 sshd_config   | 4 ++--
 sshd_config.5 | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/servconf.c b/servconf.c
index 7506ad21f..f5d564efa 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.277 2015/07/30 00:01:34 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.278 2015/07/30 19:23:02 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -89,7 +89,7 @@ initialize_server_options(ServerOptions *options)
 	options->server_key_bits = -1;
 	options->login_grace_time = -1;
 	options->key_regeneration_time = -1;
-	options->permit_root_login = PERMIT_NOT_SET;
+	options->permit_root_login = PERMIT_NO_PASSWD;
 	options->ignore_rhosts = -1;
 	options->ignore_user_known_hosts = -1;
 	options->print_motd = -1;
diff --git a/sshd_config b/sshd_config
index cf7d8e1e8..46df1622f 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
+#	$OpenBSD: sshd_config,v 1.96 2015/07/30 19:23:02 deraadt Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -41,7 +41,7 @@
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin no
+#PermitRootLogin without-password
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
diff --git a/sshd_config.5 b/sshd_config.5
index 2808576a9..6eec1f668 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.208 2015/07/30 00:01:34 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.209 2015/07/30 19:23:02 deraadt Exp $
 .Dd $Mdocdate: July 30 2015 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -1209,7 +1209,7 @@ The argument must be
 or
 .Dq no .
 The default is
-.Dq no .
+.Dq without-password .
 .Pp
 If this option is set to
 .Dq without-password ,