Re: About sshd(8) remote root login feature & Anaconda UI support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



   Hello Brian,

> On Tuesday, 27 January 2015 3:54 AM, Brian C. Lane wrote:
> Sorry to take to long to follow up, I was trying to get enough time to
> at least skim the fedora-devel thread.

>
> I think the goal here is good. Better security is always a plus.


   Thank you for going through the details, I appreciate it.


> But I don't think mandating a sshd config change is the right way to do
> it.

   Well, intention is not to make it mandatory, but to make it default.

>Or adding checkboxes, or text entries for ssh keys in the installer.
> This makes it harder for a significant number of users to setup their
> systems and really only moves the problem into guessing the
> username+password instead of just guessing root's password.


   The change is mostly seen as a remedy against brute-force attacks.
It is not. The feature aims to provide hardened defaults as precautionary
measure. It is similar to using SELinux or running services with non-root
account instead of root account. Having stronger defaults has much greater
impact than users selectively securing their systems.


> The installer already gives the users the tools to make their systems
> secure:
>
> In GUI mode if you create a normal user that is a member of wheel the
> root account is locked, unless you also set a root password. This is
> effectively the same as changing the config.


  Exactly! Similarly it'll help if Anaconda could 'enable' remote
root access when no non-root account is created at install time.


> Users who are concerned with security already know how to setup their
> systems, use strong passwords, switch to key only logins, etc. They
> aren't the ones who need help.


   Very true! That is why we need to serve strong default configurations,
because they have much greater impact, than otherwise.


> Instead I propose that we increase our minimum password length to 8
> characters, and disallow weak passwords. The initial pain of creating a
> throw-away password for your vm can be mitigated by running pwgen and
> writing down a nice looking one on a sticky note :)


   In principle I don't disagree with it; But IMO it can not be a replacement
to stronger defaults. And secondly, as Adam and many have said earlier,
it could adversely affect their daily routines. Especially when there is no
option to revert back to current defaults ie. 6 characters. Though I'm not sure
if it's that big of a pain to type 2 more characters once you are used to it.


Considering the options so far, IMHO Anaconda enabling remote root access,
when no non-root account is created at install time, is a good solution.
It is the minimalist change on Anaconda's side, which could unlock the greater
value of providing stronger defaults and introducing the key based authentication
to the wider audience. It would certainly prove to be a good move for Fedora.


...wdyt?

---
Regards
   -Prasad
http://feedmug.com

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list




[Index of Archives]     [Kickstart]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]
  Powered by Linux