Arthur Pemberton wrote:
On 8/20/06, Kostas Georgiou <k.georgiou@xxxxxxxxxxxxxx> wrote:
On Sun, Aug 20, 2006 at 12:54:30PM +0200, Christian Rose wrote:
> On 8/19/06, Arthur Pemberton <pemboa@xxxxxxxxx> wrote:
> >Why does FC ship openssh with sshd allowing root logins? And are
there
> >any plans to preempt the now routine sshd weak password hunting bots?
>
> IIRC, the idea was that you should not end up with being locked out of
> a remote system if that system's /home NFS mount was somehow screwed
> up. With allowing root to log in, you could still fix a remote system
> using NFS-mounted home directories.
Not to mention that kerberos/ldap/nis/whatever might be down so user
logins might not be available.
Anaconda, authconfig can ask questions at install time like:
Allow root logins: [X] Local, [] Everywhere, [] By domain ..., etc.
Allow user logins: [] Local, [X] Everywhere, [] By domain ..., etc.
and setup an access.conf file.
That seems like a just as good solution, esp. if that screen can be
skipped by a newbie, and have things default to 'safer' settings.
or add a extra tab to system-config-securitylevel
Kostas
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
