On 11/24/2014 03:49 PM, Richard Z wrote:
> On Mon, Nov 24, 2014 at 02:02:59PM +0100, Petr Lautrbach wrote:
>> On 11/24/2014 01:57 PM, Tomas Mraz wrote:
>>> On Po, 2014-11-24 at 12:37 +0000, P J P wrote:
...
>>> The only remaining problem is for systems which have been installed
>>> previously and have only root login and someone upgrades them to new
>>> Fedora release. Here the system would be made inaccessible by the
>>> openssh-server rpm upgrade from the old Fedora to F22.
>>>
>>> I am afraid there is no easy solution for the problem above.
>>>
>>
>> I think it's ok for upgrade between versions if it's promoted as a
>> Fedora Feature.
>
> removing root ssh with password is probably a good thing but admins who
> configured ssh with public-key auth probably have done that after spending
> a few thoughts on it and should not be shot in their feet so quickly.
>

I agree. It should be documented at least in Fedora release notes and as a
Fedora Feature preferably accepted by FESCO.

However it would effectively affect only those admins who haven't touched
/etc/ssh/sshd_config file given that this file is marked as %config(noreplace).

Petr
-- 
Petr Lautrbach
-- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
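
The %config(noreplace) point in the message above, as an added example that is not part of the original thread or of any Fedora package: a small model of how rpm treats such a file on upgrade, combined with a reader for the effective global PermitRootLogin. The sample file contents, the new packaged value `PermitRootLogin no`, and the built-in default `yes` are assumptions made for illustration.

```python
import hashlib

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def noreplace_upgrade(old_pkg, on_disk, new_pkg):
    """Model rpm's handling of a %config(noreplace) file on upgrade.

    Returns (text left at the config path, text saved as <path>.rpmnew or None).
    """
    if digest(on_disk) == digest(old_pkg):
        return new_pkg, None        # never edited: new packaged file is installed
    if digest(new_pkg) in (digest(old_pkg), digest(on_disk)):
        return on_disk, None        # edited, and the package offers nothing new
    return on_disk, new_pkg         # edited: local file kept, new one set aside

def permit_root_login(config, builtin_default):
    """Effective global PermitRootLogin: first occurrence wins, keywords are
    case-insensitive, and scanning stops at the first Match block."""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return builtin_default

# Constructed sample files; the new packaged value is an assumption.
OLD_PKG = "#PermitRootLogin yes\nPasswordAuthentication yes\n"
NEW_PKG = "PermitRootLogin no\nPasswordAuthentication yes\n"
EDITED = "PermitRootLogin without-password\nPasswordAuthentication no\n"

def after_upgrade(on_disk):
    """Return (effective PermitRootLogin after upgrade, whether .rpmnew exists)."""
    live, rpmnew = noreplace_upgrade(OLD_PKG, on_disk, NEW_PKG)
    return permit_root_login(live, "yes"), rpmnew is not None

if __name__ == "__main__":
    for name, cfg in (("untouched", OLD_PKG), ("edited", EDITED)):
        print(name, after_upgrade(cfg))
```

On a real host, `rpm -V openssh-server` reports whether the on-disk sshd_config differs from the packaged copy, which is the condition the first branch models.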