Re: About sshd(8) PermitRootLogin=no


On Thu, Dec 04, 2014 at 10:00:54AM -0500, Miloslav Trmač wrote:
> For 1), just use the BIOS password and boot into single-user mode
> (which then must be configured not to ask for a password), or perhaps
> into a special variant of the standard multi-user mode (so that
> networking and the IPA client works) with an unauthenticated root
> shell open. This would break for servers with no or difficult
> physical access and no KVM/serial console set up; is that a frequent
> and significant case?

I don't think it's a significant use case for servers that aren't being
installed via kickstart, where there's the opportunity to configure or
open up _whatever_.


> For 2), use the same user name you use on the host or your other
> computers, and set up sudo to give this user in the guest full
> control. This could, if we can automate the sudo part, even be more
> convenient: “ssh hostname” now works without having to prepend root@,
> or having to add such a configuration to ssh_config.

We already pretty much do this.

> So I guess the long-term ideal would be to stop talking about the
> “root password” altogether (i.e. have an anaconda install end up with
> root password authentication disabled, and for “the” administrator,
> set up sudo to be authenticated with their own, not root’s
> nonexistent, password), and to stop recommending _any_ log ins
> directly to the root account. That would also implicitly resolve the
> sshd discussion.

Yes, although I'd argue that in this case it's _more_ important to set
the default to deny, because if everyone assumes that root just can't
get in, it's a cheap back-door to just set a password and hope no one
notices.

-- 
Matthew Miller
<mattdm@xxxxxxxxxxxxxxxxx>
Fedora Project Leader
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
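
An added example, not part of the message above or of any Fedora tooling: a check for the situation described in the reply, where root is assumed to have no usable password but one has been set and sshd would accept it. The sample sshd_config text, the shadow lines, the function names and the `default` parameter are all constructed for illustration.

```python
import re

# Constructed sample inputs (not from the thread).
SSHD_CONFIG = """\
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""
SHADOW_LOCKED = "root:!!:16408:0:99999:7:::"
SHADOW_SET = "root:$6$CONSTRUCTED$notarealhash:16408:0:99999:7:::"

def permit_root_login(config, default="yes"):
    # sshd keeps the first value it obtains for a keyword, so later global
    # duplicates are ignored; Match-block values are collected separately.
    # `default` is an assumption: the built-in default varies by version.
    global_value, match_values, in_match = None, [], False
    for raw in config.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(\S+)", raw)
        if not m:
            continue  # blank line, comment, or keyword without argument
        key, arg = m.group(1).lower(), m.group(2)
        if key == "match":
            in_match = True
        elif key == "permitrootlogin":
            if in_match:
                match_values.append(arg)
            elif global_value is None:
                global_value = arg
    return (global_value or default), match_values

def root_password_state(shadow_line):
    # Field 2 of the shadow entry: "!" or "*" prefix means no usable password.
    field = shadow_line.split(":")[1]
    if field.startswith(("!", "*")):
        return "locked"
    return "set" if field else "empty"

def audit(config, shadow_line, default="yes"):
    value, match_values = permit_root_login(config, default)
    findings = []
    if value == "yes":
        findings.append("sshd: root password login allowed globally")
    if "yes" in match_values:
        findings.append("sshd: root password login allowed in a Match block")
    state = root_password_state(shadow_line)
    if state != "locked":
        findings.append("shadow: root password is " + state)
    return findings
```

On a live host, `sshd -T` prints the effective configuration and is a better input than the raw file, since it resolves included files and built-in defaults.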




