Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



No, this is not good idea as I wrote few minutes ago because it does not
improve security, it just provide feeling of better security, see:
https://en.wikipedia.org/wiki/Security_through_obscurity

I wonder why no-one responded like me, because this was discussed many
times ago. Well maybe many times since 1995 (when SSH was born) and
maybe I'm a little bit old so I read it many times again and again.

It seems like SSH does not make padding sufficiently, but this changes
nothing on what I wrote.

Disabling root loging does not solve the problem and it profides only
false feeling of security.

M.K.

Dne 12.1.2015 v 09:56 P J P napsal(a):
>   Hello,
>
>> On Sunday, 11 January 2015 2:27 PM, Peter Robinson wrote:
>>>> Earlier in the discussions I was told that this is not really an issue: in
>>>> production, about every server with remote access also has a KVM.
>>> Often not the case in small business or third party hosted environments.
>>> Without remote ssh, box is unmanageable.
>>>
>>> Even if you want to do key-based authentication rather than password, you
>>> still need to use password initially to get the key onto the remote box.
>> If you use cloud-init you can specify an initial public key that it
>> inserts against, or even auto enrol it in a central auth system like
>> IPA and hence not ever need a password.
>   So, the major issue(or blocker should we say?) is the virtualized deployments. If there is no solution in sight, maybe last resort is to enable remote root login, possibly in the '%post' install section of the kick-start file.
>
> Does it seem like an appropriate solution?
> ---
> Regards
>    -Prasad
> http://feedmug.com

-- 
                            Milan Keršláger
                            http://www.pslib.cz/ke/
                            http://www.nti.tul.cz/wiki/Milan.Kerslager

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux