Re: able to login as root via ssh :-(

Les Mikesell wrote:
On Tue, 2006-08-08 at 14:45 -0400, Robert Locke wrote:
[snip]
In order for a remote system to be in a state that remote access is even
possible, there must be an OS already running. In order to install the
first OS, physical access to the box must be required. It has to be
physically connected etc. At the very least the power has to be turned
on.. it might then proceed to do a network install...

At that first install time is when a second user id should be created....
Non-root users are created during firstboot, not during the install.  If
you aren't there to go through the firstboot process, you can't create any
users other than via root.

I don't recall off the top of my head what kickstart lets you do with
respect to user creation.  It is conceivable that using kickstart to do a
PXE install will leave a headless machine with no way to access it except
via a root ssh session.
Well, kickstart and/or the interactive install could tie you in to
various network directories like NIS or something LDAP based to give you
non-root users...

But, of course, kickstart could add a user in a myriad of ways to the
local passwd/shadow/group files during the %post section like:
useradd -p encryptedpassword username

I'm not quite sure I see the point of this unless it is a
checkbox item in someone's theoretical 'best practices' list.
How much of an install can you do as someone other than root?

It was exactly all this discussion I didn't want to get into... apparently it's already been decided that root log in via ssh is allowed by default.... fine, I can live with that.

What I WOULD like is an option in sshd_config then to tell me that's allowed.... (like other info I get in Logwatch about ssh) then I can do one of three things:
1 - turn off the option that warns me
2 - turn off root access via ssh
3 - see the warning every day. :-)

Bugzilla/RFE.... https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201794 :-)

Let's see...

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
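
The kind of daily check asked for in the message above can be done outside sshd. This is an added example, not part of the original post and not code from OpenSSH or Logwatch. The function names are hypothetical, and it assumes only the global part of sshd_config matters (parsing stops at the first Match block, Include files are not followed) and that the built-in default is passed in as a parameter.

```shell
#!/bin/sh
# Added example: report whether an sshd_config lets root log in over ssh.

# Print the effective global PermitRootLogin value from config file $1.
# $2 is the value to assume when the keyword is absent (assumed default: yes,
# the behaviour the thread describes; newer sshd builds may differ).
root_login_setting() {
    awk -v dflt="${2:-yes}" '
        { sub(/=/, " ") }                    # tolerate the Keyword=value form
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        { key = tolower($1) }                # keywords are case-insensitive
        key == "match" { exit }              # Match blocks are conditional
        key == "permitrootlogin" {           # first occurrence wins in sshd
            val = $2; gsub(/"/, "", val); found = 1; exit
        }
        END { print (found ? val : dflt) }
    ' "$1"
}

# Print a one-line message for a daily report and return 0 when root can
# log in by some means; print nothing and return 1 when it is disabled.
root_login_warning() {
    setting=$(root_login_setting "$1" "$2")
    case "$setting" in
        no)
            return 1 ;;
        yes)
            echo "WARNING: sshd permits root login with a password (PermitRootLogin $setting)" ;;
        prohibit-password|without-password)
            echo "NOTICE: sshd permits root login by key only (PermitRootLogin $setting)" ;;
        forced-commands-only)
            echo "NOTICE: sshd permits root only for forced commands (PermitRootLogin $setting)" ;;
        *)
            echo "WARNING: unrecognised PermitRootLogin value '$setting'" ;;
    esac
    return 0
}

# Stand-alone use: sh check.sh /etc/ssh/sshd_config [assumed-default]
if [ "$#" -gt 0 ]; then
    root_login_warning "$@"
fi
```

Run from cron against /etc/ssh/sshd_config, this covers the three outcomes listed in the message: remove the cron job, set PermitRootLogin no, or keep reading the warning.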