Am 02.04.2014 19:29, schrieb Chris Adams: > Once upon a time, Jaroslav Reznik <jreznik@xxxxxxxxxx> said: >> ----- Original Message ----- >>> [CHANGE PROPOSAL] The securetty file is empty by default >>> >>> All the info has been sitting here @ >>> https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default >>> since March 20th. >>> >>> Did I mess something up? Or is there just a backlog? >> >> Backlog. But for this one, I'd really like to see some discussion >> in advance of the real announcement. So thank you for this email. > > I'd be opposed to locking root out of the console login (having spent > today at work tracking down miscellaneous VMs with only a root user > created) +1 a golden-master for a virtual infrastructure usually do not have any other login user because which one is decided after clone and intention of the final machine instead some generic user > Fedora still allows root SSH logins by default; how is that more secure > than the console? it is not but disable that in a default install makes nothing more secure the only secure SSH setup is that one where no password login is allowed and that is a chicken/egg problem not solveable at setup
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
