On Fri, 2021-04-30 at 20:42 +0200, Martin Kolman wrote: > On Fri, 2021-04-30 at 15:23 +0100, Richard W.M. Jones wrote: > > On Fri, Apr 30, 2021 at 03:37:54PM +0200, Vitaly Zaitsev via devel > > wrote: > > > On 30.04.2021 15:21, Richard W.M. Jones wrote: > > > > Not everything is exposed to the internet. Please leave the > > > > option, > > > > disabled by default and with a suitable warning if you like. > > > > > > Why are you still using passwords in 2021? SSH keys are much more > > > secure and easier to use. > > > > Because distributing SSH keys to temporary VMs is hard? Not > > everything is a long-lived machine connected to the internet. > What about creating an admin user instead ? It's effectively the same > ammount of clicks - instead of setting a root password and checking the > "Allow SSH root login with password" checkbox, create a regular user > and check the "make this user an admin" checkbox. > > Regular users, including users with admin (sudo/wheel) privileges, can > of course still login with password via SSH just fine. This is not useful to use things like rsync or scp/sftp to transfer files maintaining permissions/attributes/etc.. for doing quick local testing, development, or other ephemeral things this option is reasonable and there is no need to remove it. And also to run commands it is not great, if you end up using su/sudo without password, then you just made a process more complicated without adding much if any security. > > Rich. > > > > -- > > Richard Jones, Virtualization Group, Red Hat > > http://people.redhat.com/~rjones > > Read my programming and virtualization blog: > > http://rwmj.wordpress.com > > virt-top is 'top' for virtual machines. Tiny program with many > > powerful monitoring features, net stats, disk stats, logging, etc. > > http://people.redhat.com/~rjones/virt-top > > _______________________________________________ > > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Simo Sorce RHEL Crypto Team Red Hat, Inc _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
