From 88a7c598a94ff53f76df228eeaae238d2d467565 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 27 Apr 2015 21:42:48 +0000
Subject: [PATCH] upstream commit

Make sshd default to PermitRootLogin=no; ok deraadt@
 rpe@
---
 servconf.c    | 4 ++--
 sshd_config   | 4 ++--
 sshd_config.5 | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/servconf.c b/servconf.c
index d4a48a016..8d56a309b 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.264 2015/04/24 01:36:00 deraadt Exp $ */
+/* $OpenBSD: servconf.c,v 1.265 2015/04/27 21:42:48 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -216,7 +216,7 @@ fill_default_server_options(ServerOptions *options)
 	if (options->key_regeneration_time == -1)
 		options->key_regeneration_time = 3600;
 	if (options->permit_root_login == PERMIT_NOT_SET)
-		options->permit_root_login = PERMIT_YES;
+		options->permit_root_login = PERMIT_NO;
 	if (options->ignore_rhosts == -1)
 		options->ignore_rhosts = 1;
 	if (options->ignore_user_known_hosts == -1)
diff --git a/sshd_config b/sshd_config
index c9042ac3c..cf7d8e1e8 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.94 2015/02/02 01:57:44 deraadt Exp $
+#	$OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -41,7 +41,7 @@
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
diff --git a/sshd_config.5 b/sshd_config.5
index 2bc9360d0..d3148c2c9 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.195 2015/04/16 23:25:50 dtucker Exp $
-.Dd $Mdocdate: April 16 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.196 2015/04/27 21:42:48 djm Exp $
+.Dd $Mdocdate: April 27 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1093,7 +1093,7 @@ The argument must be
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq no .
 .Pp
 If this option is set to
 .Dq without-password ,