Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

On Thu, Jan 08, 2015 at 08:43:48AM -0500, Stephen Gallagher wrote:
> Can we clarify something here? Is this a request to change the defaults
> globally for all Products/nonproduct installs?
> 
> I would argue that it could be sensible to do this for Workstation and
> non-product installs, but not for Server and Cloud.
> 
> In the Server case, nearly every deployment is headless. Disabling root
> login to ssh by default would mean that many people would have no way to
> get into the system at all. (Yes, we could force the creation of a
> non-root user at install time, but this user would by necessity be an
> administrator capable of becoming root via sudo, so the distinction
> is... fuzzy). The only other approach I could see for the headless
> servers would be mandating the enrollment in an identity domain at
> installation time (such as to FreeIPA or Active Directory).

Having a non-root account with sudo is already more secure because the
attacker would have to guess the username in addition to the password.

> Neither of those approaches is anything like ideal, so I would argue
> that Server should continue to operate with the SSH root login being
> available by default, but perhaps add documentation to the install guide
> recommending to disable it if other accounts are available; perhaps even
> by adding a simple kickstart directive (but no UI element) to accomplish
> this.

I disagree.  I think requiring a non-root account w/Admin to be
created is the best way to go.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
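
An added example, not part of the thread or of any Fedora or OpenSSH code: a small audit that reads sshd_config text and reports where `PermitRootLogin` is still `yes`, accounting for sshd keeping the first value it reads for a keyword and for `Match` blocks overriding the global value. The sample configuration, the function names and the `default` parameter are assumptions made for illustration.

```python
import re

# Constructed sample sshd_config (not taken from the thread).
SAMPLE = """\
# constructed sample
Port 22
PermitRootLogin=no
PermitRootLogin yes
Match Address 192.0.2.0/24
    permitrootlogin yes
Match User backup
    PermitRootLogin forced-commands-only
"""

# Keyword, then whitespace or a single '=', then the argument.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")

def root_login_settings(config_text, default="yes"):
    """Return (global value, {Match criteria: value}) for PermitRootLogin.

    `default` is an assumption: the built-in value used when the keyword is
    absent depends on the OpenSSH version, so pass the one for your build.
    """
    global_value, per_match, match = None, {}, None
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())       # comment and blank lines do not match
        if m is None:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            match = value                 # later lines belong to this block
        elif keyword == "permitrootlogin":
            if match is not None:
                per_match.setdefault(match, value.lower())
            elif global_value is None:    # sshd keeps the first value it reads
                global_value = value.lower()
    return global_value or default, per_match

def unrestricted_root_scopes(config_text, default="yes"):
    """List scopes where PermitRootLogin is 'yes' (any enabled auth method)."""
    global_value, per_match = root_login_settings(config_text, default)
    scopes = ["global"] if global_value == "yes" else []
    scopes += ["Match " + crit for crit, v in per_match.items() if v == "yes"]
    return scopes

if __name__ == "__main__":
    print(root_login_settings(SAMPLE))
    print(unrestricted_root_scopes(SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing configuration files offline.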



