Re: Fedora change that will probably affect RHEL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Jul 28, 2015, at 8:37 PM, Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote:
> 
> On 07/28/2015 04:29 PM, Warren Young wrote:
>> They turned off "PermitRootLogin yes" and "Protocol 1" in EL6 or EL7, the previous low-hanging fruit.  Do you think those were bad decisions, too?
> 
> As far as I know, PermitRootLogin has not been set to "no" by default. 

My mistake.  I grepped sshd_config on a fresh EL7 machine here and saw

  #PermitRootLogin yes

and assumed it meant “no”.  It’s just documenting the default.

I explicitly set it to “no” on systems I am solely in control of, and I’d prefer that upstream changed that default in the precursor(s) to CentOS 8, too.  EL7 ships ready to use sudo out-of-the-box, if you tick the “administrative user” checkbox on the non-root user during install.  That removes the last good reason to allow remote root logins by default.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux