upstream commit

Make sshd default to PermitRootLogin=no; ok deraadt@
 rpe@

servconf.c

@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.264 2015/04/24 01:36:00 deraadt Exp $ */
+/* $OpenBSD: servconf.c,v 1.265 2015/04/27 21:42:48 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -216,7 +216,7 @@ fill_default_server_options(ServerOptions *options)
 	if (options->key_regeneration_time == -1)
 		options->key_regeneration_time = 3600;
 	if (options->permit_root_login == PERMIT_NOT_SET)
-		options->permit_root_login = PERMIT_YES;
+		options->permit_root_login = PERMIT_NO;
 	if (options->ignore_rhosts == -1)
 		options->ignore_rhosts = 1;
 	if (options->ignore_user_known_hosts == -1)

sshd_config

@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.94 2015/02/02 01:57:44 deraadt Exp $
+#	$OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -41,7 +41,7 @@
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10

sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $
-.Dd $Mdocdate: April 16 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.196 2015/04/27 21:42:48 djm Exp $
+.Dd $Mdocdate: April 27 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1093,7 +1093,7 @@ The argument must be
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
 .Pp
 If this option is set to
 .Dq without-password ,