Am 27.11.2014 um 12:13 schrieb P J P:
Just because it is easy to infer non-root user names does not mean we tell people it is 'root'. Secondly, it might be easy for you to infer such names, not for everyone. The increased difficulty level that is added by not allowing remote root login could help to thwart lot of real & automated attacks.[1] Thirdly, it need not have to be entirely about security, it's also about picking the right default configuration. Same as disabling sshd(8) in Workstation by default. As Scott wrote above
so why not consider disable sshd at all and make a checkbox in Anaconda "ssh support yes/no" because after somebody says "yes" it's his clearly decision and he is responsible to secure it with key-only auth
i guess the answer will be "because too many options in the installer will harm" which i can't support - to less options IMHO harm forcing the user to look what is setup and how
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
