On Sat, 2021-05-15 at 17:53 +0200, Ralf Corsepius wrote: > On 5/14/21 2:50 PM, Martin Kolman wrote: > > On Thu, 2021-05-13 at 20:09 +0200, Peter Boy wrote: > > > > We discussed that in the Fedora Server Edition Working Group and > > > opted to leave it as is for the Server installation iso. A lot of > > > servers are running in a protected environment. And there are > > > situations when you need urgent access but do not sit at your > > > desktop > > > and don’t have the key available. So let the server admin decide > > > what > > > is best in a given installation context. In most cases it is the > > > current default (disallow password login) > > Do those server deployments not have any users accounts other than > > root > > ? Creating a non-root user account, possibly with admin rights (all > > possible from within Anaconda) would seem like a safer option for > > accasional/emergency password based access to such machines over > > SSH. > > I don't see, how this would any safer than directly using "root". As far as I understand the original change in upstream OpenSSH it's about only having to remotely guess a password to gain access to the root account. In comparison to remotely attack a user account you need to guess both the user name *and* password, making the potential search space quite a bit larger (provided the user name is reasonably unique). > > Ralf > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
