Hello Brian,

> On Tuesday, 27 January 2015 3:54 AM, Brian C. Lane wrote:
> Sorry to take too long to follow up, I was trying to get enough time to
> at least skim the fedora-devel thread.
>
> I think the goal here is good. Better security is always a plus.

Thank you for going through the details, I appreciate it.

> But I don't think mandating a sshd config change is the right way to do
> it.

Well, the intention is not to make it mandatory, but to make it default.

> Or adding checkboxes, or text entries for ssh keys in the installer.
> This makes it harder for a significant number of users to set up their
> systems and really only moves the problem into guessing the
> username+password instead of just guessing root's password.

The change is mostly seen as a remedy against brute-force attacks. It is not. The feature aims to provide hardened defaults as a precautionary measure. It is similar to using SELinux or running services with a non-root account instead of the root account. Having stronger defaults has much greater impact than users selectively securing their systems.

> The installer already gives the users the tools to make their systems
> secure:
>
> In GUI mode if you create a normal user that is a member of wheel the
> root account is locked, unless you also set a root password. This is
> effectively the same as changing the config.

Exactly! Similarly it'll help if Anaconda could 'enable' remote root access when no non-root account is created at install time.

> Users who are concerned with security already know how to set up their
> systems, use strong passwords, switch to key only logins, etc. They
> aren't the ones who need help.

Very true! That is why we need to serve strong default configurations, because they have much greater impact than otherwise.

> Instead I propose that we increase our minimum password length to 8
> characters, and disallow weak passwords. The initial pain of creating a
> throw-away password for your vm can be mitigated by running pwgen and
> writing down a nice looking one on a sticky note :)

In principle I don't disagree with it; but IMO it cannot be a replacement for stronger defaults. And secondly, as Adam and many have said earlier, it could adversely affect their daily routines. Especially when there is no option to revert back to current defaults, i.e. 6 characters. Though I'm not sure if it's that big of a pain to type 2 more characters once you are used to it.

Considering the options so far, IMHO Anaconda enabling remote root access, when no non-root account is created at install time, is a good solution. It is the minimalist change on Anaconda's side, which could unlock the greater value of providing stronger defaults and introducing key-based authentication to the wider audience. It would certainly prove to be a good move for Fedora.

...wdyt?
---
Regards
   -Prasad
http://feedmug.com

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list