Re: SSH after upgrade

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 07 Oct 2019 10:38:32 +0200
Jakub Jelen <jjelen@xxxxxxxxxx> wrote:

> On Mon, 2019-10-07 at 02:53 +0200, Marko Vojinovic wrote:
> > On Mon, 7 Oct 2019 10:21:03 +1100
> > Cameron Simpson <cs@xxxxxxxxxx> wrote:
> > > On 07Oct2019 01:00, Marko Vojinovic <vvmarko@xxxxxxxxx> wrote:
> > > > On Sun, 06 Oct 2019 18:05:02 +0200
> > > > alciregi@xxxxxxxxx wrote:
> > > > > It could it be related to this change:
> > > > > https://fedoraproject.org/wiki/Releases/31/ChangeSet#Disable_Root_Password_Login_in_SSH
> > > > 
> > > > As a side question --- I remember that this was the default for
> > > > upstream OpenSSH since 2015, but was not adopted in Fedora
> > > > because
> > > > people who install Fedora on headless machines (or remotely)
> > > > would
> > > > have no other way of logging in after initial installation. So
> > > > why
> > > > the change of heart now, what happened to the headless login
> > > > issue?
> > > 
> > > Because one can generally set up a normal user, log in as them,
> > > then
> > > su or sudo.
> > 
> > Was this not possible back in 2015?
> > 
> > I guess I am asking what technically changed between then and now,
> > so that we didn't block root back then and we are doing it now?
> 
> Please, read the whole fedora change page. It answers all your
> questions.

Well, the relevant sentence from the change page says:

"Fedora was for many practical reasons keeping the old configuration
since then, but the difference is no longer bearable"

Can you please elaborate what were the "many practical reasons" that
prevented this from being changed for the last 5 years? And why are
they not equally practical now?

Don't get me wrong, I fully support this change, disabling ssh root
login is the very first thing I do every time I install a new system.
And each time I ask myself why on earth isn't this the default, but I
sort-of remember (from various discussions on this mailing list back in
2015 or so) that people had good reasons to keep it that way. And now
that I see the default is going to be changed, I'm curious what were
those reasons and what happened to them --- how come they were
good enough for the last five years, and are not good enough now? What
changed? Or else, why wasn't this done already back in 2015?

Best, :-)
Marko




_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux