On 8/20/06, dragoran <dragoran@xxxxxxxxxxxxxxx> wrote:
Arthur Pemberton wrote: > On 8/20/06, Kostas Georgiou <k.georgiou@xxxxxxxxxxxxxx> wrote: >> On Sun, Aug 20, 2006 at 12:54:30PM +0200, Christian Rose wrote: >> >> > On 8/19/06, Arthur Pemberton <pemboa@xxxxxxxxx> wrote: >> > >Why does FC ship openssh with sshd allowing root logins? And are >> there >> > >any plans to preempt the now routine sshd weak password hunting bots? >> > >> > IIRC, the idea was that you should not end up with being locked out of >> > a remote system if that system's /home NFS mount was somehow screwed >> > up. With allowing root to log in, you could still fix a remote system >> > using NFS-mounted home directories. >> >> Not to mention that kerberos/ldap/nis/whatever might be down so user >> logins might not be available. >> >> Anaconda, authconfig can ask questions at install time like: >> Allow root logins: [X] Local, [] Everywhere, [] By domain ..., etc. >> Allow user logins: [] Local, [X] Everywhere, [] By domain ..., etc. >> and setup an access.conf file. >> > > That seems like a just as good solution, esp. if that screen can be > skipped by a newbie, and have things default to 'safer' settings. > or add a extra tab to system-config-securitylevel >> Kostas >>
I would see an 'and' instead of an 'or' in that suggestion. -- To be updated... -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
