Re: About setting 'PermitRootLogin=no' in sshd_config

On 11/21/2014 08:11 AM, P J P wrote:
>     Hello,
> 
> Sshd(8) daemon by default allows remote users to login as root.
> 
>   1. Is that really necessary?

The original bug report [1] was kept open mainly due to the lack of
functionality for adding a user in anaconda. This is no longer true;
anaconda has the ability to add a user, although it's not enforced.

[1]  https://bugzilla.redhat.com/show_bug.cgi?id=89216

>   2. A lot of users use their systems as root, without even creating a non-root user.
>      Such practices need to be discouraged; not allowing remote root login could be
>      useful in that.

There are several use cases when local non-root users are not needed at
all, as others already pointed out.


The change itself is simple; however, the problem is more complex overall.
Here are some thoughts I have about the change:

- administrators are alerted when they use a weak password for root by
anaconda

- Fedora Workstation and Live installations don't enable sshd.service

- even if the default was 'PermitRootLogin without-password', you would
need to inject an ssh key, and when you are able to inject a key, you are
able to change the default configuration

- I personally use several Fedora systems without non-root users in
a local network.

- the default sudoers uses the password of a user for authentication, so
even when I have a non-root user in the wheel group, I only need one user's
password to become root

- how many of these enforced users will be 'user' or 'test'?


Petr
-- 
Petr Lautrbach
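
The message above weighs the existing default against 'PermitRootLogin without-password' and 'no'. As an added example (not part of the original message or of OpenSSH), this sketch reports which value a given sshd_config actually sets in its global section; the sample configs are constructed, and `compiled_default="yes"` is an assumption taken from the thread's statement that sshd allows root login by default.

```python
# Added example: report the global PermitRootLogin value an sshd_config sets.
# Sample configs below are constructed, not taken from any real host.
SAMPLE_EXPLICIT = """\
# constructed sample
Port 22
permitrootlogin=without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin no
"""
SAMPLE_COMMENTED = "# constructed sample\n#PermitRootLogin no\nPort 22\n"

KEY_ONLY = {"without-password", "prohibit-password", "forced-commands-only"}


def effective_permit_root_login(text, compiled_default="yes"):
    """Return (value, source) for the global section of an sshd_config.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and 'Keyword=value' is accepted like 'Keyword value'.
    Match blocks are not evaluated and Include files are not followed.
    compiled_default is an assumption; pass what your sshd build uses.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break  # global section ends at the first Match block
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].strip('"').lower(), f"line {lineno}"
    return compiled_default, "compiled-in default"


def classify(value):
    """Map a PermitRootLogin value to what it means for remote root."""
    if value == "yes":
        return "root may log in, password included"
    if value in KEY_ONLY:
        return "root may log in, but not with a password"
    if value == "no":
        return "root login is disabled"
    return "unrecognised value"


if __name__ == "__main__":
    for name, cfg in (("explicit", SAMPLE_EXPLICIT), ("commented", SAMPLE_COMMENTED)):
        value, source = effective_permit_root_login(cfg)
        print(f"{name}: {value} ({source}): {classify(value)}")
```

On a live host, `sshd -T` prints the configuration the daemon itself resolves, including Match handling that this sketch skips.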

