On Tue, Nov 25, 2014 at 09:56:59AM -0500, Simo Sorce wrote: > On Sat, 22 Nov 2014 08:24:32 +0000 (UTC) P J P wrote: > > > On Saturday, 22 November 2014 1:39 AM, Richard W.M. Jones wrote: > > >> On Fri, Nov 21, 2014 at 09:11:51AM +0100, Florian Weimer wrote: > > >> The latter. We have to install authorized_keys inside the VM > > >> anyway, so we can touch sshd_config, too. > > > > > > Virt-builder has a new '--ssh-inject' feature (in F22 only). > > > > > > $ virt-builder fedora-20 --ssh-inject root > > > > > > would inject your current ssh key into the root account of the new > > > VM. There are other variations, including ways to create a non-root > > > user account, see: > > > > > > http://libguestfs.org/virt-builder.1.html > > > > Excellent! :) > > > > So far the consensus seem that it is okay to reverse the current > > default and set PermitRootLogin=no. I'll talk to the upstream > > maintainer - plautrba(https://fedoraproject.org/wiki/User:Plautrba). > > > > Thank you. > > We can install machine w/o user accounts, removing the ability to log > in as root via ssh means those machines will not be accessible. > > If you want to remove root access that should be conditionally done at > firstboot only if a user account was created. It seems to me that we could tweak this somewhat: "only if a user account was created OR remote users have been configured" -- Scott Schmit
<<attachment: smime.p7s>>
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
