On 25/11/14 08:04, P J P wrote: > Hello Tomas, all > >> On Monday, 24 November 2014 6:27 PM, Tomas Mraz wrote: >> The reason the root login with password was kept allowed was the support >> for vnc installation without kickstart as it was previously impossible >> to create regular user in anaconda. Now that anaconda allows to create >> regular user accounts we could disable sshd root login with password. We >> just need to properly advertise that. > True; that's manageable. > >> The only remaining problem is for systems which have been installed >> previously and have only root login and someone upgrades them to new >> Fedora release. Here the system would be made inaccessible by the >> openssh-server rpm upgrade from the old Fedora to F22. >> >> I am afraid there is no easy solution for the problem above. > > Ummn for Fedora upgrades, maybe in OpenSSH %post install section we could display a bold warning message about this change, so that the user is aware of it. This message could be removed in the subsequent updates to the OpenSSH package. > > --- > Regards > -Prasad > http://feedmug.com > -- > security mailing list > security@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/security Hi All, Are we talking here physical releases ? Or just infra or just best advice for people ? I fear that if we do disable SSH root logins, this will make some people's lives a lot harder. But could somebody please be so kind to clarify what exactly we are considering here ? Thank you. Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 Tristan.Santore@xxxxxxxxxxxxxxxxxxxxx Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust) For Fedora related issues, please email me at: TSantore@xxxxxxxxxxxxxxxxx -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
