Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Dec 5, 2019 at 9:02 AM John M. Harris Jr <johnmh@xxxxxxxxxxxxx> wrote:

> Please don't recommend to anyone to use passwords for SSH. That is incredibly
> insecure, and if privileged users are using password-based SSH, that'll
> quickly lead to a serious compromise of your entire system, depending on the
> complexity of the password, of course, but still holds nothing to key-based
> authentication with the best password.

I was merely pointing out the options. Believe me, for SSH, I've seen
them some very astute and some quite foolish authentication practices
since I published the first public ports of ssh-1 and ssh-2 to SunOS
back in the 90's.

> > In common usage, very few people encrypt their home directories
> > separately from their basic disk image. It makes system management for
> > administrators or even a local root user very awkward. I could see it
> > for home directories in "/home", and it would only cost SSH key based
> > access, not ordinary password or Kerberos ticket based login. But it
> > sounds quite risky and destabilizing, much as the "kill dangling
> > processes when people log out". That  caused a lot of shock when it
> > was activated by default and started killing processes with no
> > logging. Let's not repeat a surprise like that and avoid killing SSH
> > key access by default.
>
> A bit off topic, but where is "kill danging processes when people log out"
> set? I've not experienced that anywhere.

Sorry, should have spelt that "dangling". systemd does so by default
based on a compile-time option, and for a time Fedora had it enabled
by default. After quite a furor, elected to disable this normally
unwelcome feture by default, See /etc/systemd/logind.conf.for the
"#KillUserProcesses=no" line.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux