Hello Tomas, all > On Monday, 24 November 2014 6:27 PM, Tomas Mraz wrote: > The reason the root login with password was kept allowed was the support > for vnc installation without kickstart as it was previously impossible > to create regular user in anaconda. Now that anaconda allows to create > regular user accounts we could disable sshd root login with password. We > just need to properly advertise that. True; that's manageable. > The only remaining problem is for systems which have been installed > previously and have only root login and someone upgrades them to new > Fedora release. Here the system would be made inaccessible by the > openssh-server rpm upgrade from the old Fedora to F22. > > I am afraid there is no easy solution for the problem above. Ummn for Fedora upgrades, maybe in OpenSSH %post install section we could display a bold warning message about this change, so that the user is aware of it. This message could be removed in the subsequent updates to the OpenSSH package. --- Regards -Prasad http://feedmug.com -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
