On Thu, May 16, 2019 at 2:54 PM Ben Cotton <bcotton@xxxxxxxxxx> wrote:
>
> https://fedoraproject.org/wiki/Changes/DisableRootPasswordLoginInSshd
>
> == Summary ==
> The upstream OpenSSH disabled password logins for root back in 2015.
> The Fedora should follow to keep security expectation and avoid users
> surprises with this configuration.

Since the default has been to enable root logins since the first Red Hat
releases, long before Fedora was first split off, it's going to be a
surprise. As an old SSH admin (since ssh-1 was first published), it seems
reasonable in this day and age to set disabled by default.

I would definitely want anaconda to add an option, to enable it at OS
installation time. While sudo access is useful, sometimes admins lose
passwords, and I've certainly dealt with environments where admins lost
their passwords or network based credentials failed and required console
access, or where someone had to run fsck on an attached filesystem from
the console.

It will compel people to tunnel remote controlled arbitrary root
privileged operations through an authorized "sudo" user, which does not
completely eliminate risk. Some tools, like ansible, manage this quite
well.

I've personally encountered the difficulty that sudo privileges are
*fragile*. It's quite easy to misconfigure a sudo file and break root
access. I've found a locked away root SSH password to be useful for such
situations, but I'm willing to sacrifice that privilege.

> == Owner ==
> * Name: [[User:jjelen| Jakub Jelen]], OpenSSH maintainer
> * Email: jjelen@xxxxxxxxxx
>
> == Detailed Description ==
>
> The OpenSSH server configuration contains a configuration option
> `PermitRootLogin`, which controls whether the root user is allowed to
> login using passwords or using public key authentication. The root
> login is target of most of the random or targeted attack on Linux
> systems and password is usually the weakest part. For that reason, the
> upstream OpenSSH changed this option in 2015 to `prohibit-password`,
> which still allows public-key authentication, but prevents the
> password logins. Fedora was for many practical reasons keeping the old
> configuration since then, but the difference is no longer bearable and
> might confuse users expecting the root logins will not be enabled out
> of the box.

Make sure to draw the distinction between "no root login" and "no root
login via SSH". "No root login" requires locking the root password for
console access, which would disable fsck on a failed filesystem at boot
time. That happens less than it used to, but it's going to be more of an
issue as old SSD drives start wearing out more.
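An added example, not part of the message above and not Fedora or OpenSSH code: a Python check that reads the global `PermitRootLogin` value from sshd_config text and reports whether that option still permits root password logins. The function names and sample configurations are constructed for illustration; `Include` files and `Match` blocks are not evaluated, and other options such as `PasswordAuthentication` are not considered.

```python
import re

UPSTREAM_DEFAULT = "prohibit-password"  # upstream default since the 2015 change
ALIASES = {"without-password": "prohibit-password"}  # deprecated spelling


def global_permit_root_login(config_text, default=UPSTREAM_DEFAULT):
    """Return the global PermitRootLogin value from sshd_config text.

    sshd uses the first value it reads for a keyword, so a later duplicate
    does not override an earlier line. Everything after the first Match
    keyword is conditional and is not part of the global setting.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break
        args = parts[1].split() if len(parts) == 2 else []
        if keyword == "permitrootlogin" and args:
            value = args[0].strip('"')
            return ALIASES.get(value, value)
    return default


def permit_root_login_allows_password(config_text, default=UPSTREAM_DEFAULT):
    """True only when the option is "yes"; every other value blocks passwords."""
    return global_permit_root_login(config_text, default) == "yes"


# Constructed sample configurations (not taken from any real system).
OLD_STYLE = "Port 22\nPermitRootLogin yes\n"
COMMENTED = "#PermitRootLogin yes\nMatch Address 10.0.0.0/8\n  PermitRootLogin yes\n"
DUPLICATE = "PermitRootLogin no\nPermitRootLogin yes\n"
LEGACY = "permitrootlogin without-password\n"

if __name__ == "__main__":
    for name in ("OLD_STYLE", "COMMENTED", "DUPLICATE", "LEGACY"):
        text = globals()[name]
        print(name, global_permit_root_login(text),
              permit_root_login_allows_password(text))
```

On a live host, `sshd -T` prints the effective configuration, including values pulled in through `Include`, and is the authoritative check.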