> Hello,
>
> Sshd(8) daemon by default allows remote users to login as root.
>
> 1. Is that really necessary?
> 2. Lot of users use their systems as root, without even creating a non-root user.
> Such practices need to be discouraged, not allowing remote root login could be
> useful in that.
>
> Does it make sense to disable remote root login by default? If so, do
> we need to just report it to the maintainer or it would be treated as
> a feature?

This is generally a very bad idea, because this is NOT SECURE AT ALL.

1) If the problem is a brute force attack (BF) against the root account, this solution will not prevent BF at all, because BF could be used against other accounts too (it may not be so easy, but BF means to try all possible solutions to find the correct one, so no change to BF here)

2) You have to fight BF attacks in general, which means to use some kind of wrapper to block unsuccessful logins, but this will raise a security problem, because this wrapper could be vulnerable, i.e. it may contain some bug which could be a security disaster.

3) The previous solution with a wrapper could be solved by some kind of script touching iptables/tcp_wrapper, and this will not be a security problem, so this is better than 2)

4) Blocking root access means forcing admins to log in as a normal user and then do su/sudo and provide the root password, which is far less secure than disabling root password authentication and allowing login to root with an SSH key only, because a password could be easily stolen (the private key is never sent to the net, so it is safer).
5) When a user provides login/password through ssh, ssh knows what's going on, so there is padding (with nothing) included in the initial network communication to prevent spoofing on how the password "sounds like" (i.e. sniffing on password typing), but when the user is logged in, ssh has no clue what is going on, so no padding can be inserted into the network communication, and this is why there is a possibility to attack (spoof) the password the user provides when doing su/sudo after a successful login. See the SSH protocol explanation and a lot of very good articles about this.

6) Because of all I wrote above, disabling root login is "Security through obscurity" and THIS DOES NOT IMPROVE SECURITY! See https://cs.wikipedia.org/wiki/Security_through_obscurity and 5) above

There are possible solutions for this problem:

A) do not allow any SSH connection (the user should enable SSH on their own)
B) provide a good blocking script as of 3) above by default [there are many out there]
C) do not allow the user to set a weak root password at all

As Fedora is focused on the desktop, I wonder why SSH is enabled by default. RHEL/CentOS/SLES/whatever is focused on servers, and it sounds reasonable to me to allow SSH by default there.

Yes, Debian/Ubuntu etc. disable root login by default, but as I wrote, this is not a security feature, it only provides a false feeling of security and by nature it lowers security (see above). Please don't do the same only because others do too.

Don't think about making the computer more secure and allowing the administrator to be stupid at the same time!

--
Milan Keršláger
http://www.pslib.cz/ke/
http://www.nti.tul.cz/wiki/Milan.Kerslager
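The setup named in item 4 of the reply (root login by SSH key only, no root password authentication) corresponds to `PermitRootLogin prohibit-password` in sshd_config. The checker below is an added example, not part of the original message or of OpenSSH; the function names and the two sample configurations are constructed, and it assumes upstream OpenSSH defaults and ignores `Include` files and `Match` blocks.

```python
# Added example: classify how root may log in under an sshd_config text.
# Assumptions: upstream OpenSSH defaults; Include files and Match blocks
# are not evaluated (parsing stops at the first Match line).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Deprecated keyword that sets the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
RESTRICTED = ("prohibit-password", "without-password", "forced-commands-only")

# Constructed sample: root may log in with a password.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
# Constructed sample: key-only root login as in item 4; the later
# "yes" line has no effect because sshd uses the first value it reads.
KEY_ONLY = "PermitRootLogin prohibit-password\nPermitRootLogin yes\n"


def global_settings(config_text):
    """Effective global values for the keywords in DEFAULTS."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        parts = line.replace("=", " ", 1).split()  # "key value" or "key=value"
        if not parts or line.startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break
        if key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].strip('"').lower())  # first wins
    return {**DEFAULTS, **seen}


def root_login_policy(config_text):
    """Return 'disabled', 'no-password' or 'password-allowed' for root."""
    s = global_settings(config_text)
    root = s["permitrootlogin"]
    if root == "no":
        return "disabled"
    if root in RESTRICTED:
        return "no-password"
    if root != "yes":
        raise ValueError(f"unknown PermitRootLogin value: {root}")
    # PermitRootLogin yes: a password works if either password-style method is on.
    if "yes" in (s["passwordauthentication"], s["kbdinteractiveauthentication"]):
        return "password-allowed"
    return "no-password"
```

On a live host, `sshd -T` prints the effective configuration including defaults and can be fed to the same function.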