Abotu setting 'PermitRootLogin=no' in sshd_config
Nico Kadel-Garcia
nkadel at gmail.com
Thu Nov 27 14:52:27 UTC 2014
On Thu, Nov 27, 2014 at 8:06 AM, P J P <pj.pandit at yahoo.co.in> wrote:
>> On Thursday, 27 November 2014 4:49 PM, Reindl Harald wrote:
>> so why not consider disable sshd at all and make a checkbox
>> in Anaconda "ssh support yes/no" because after somebody says "yes"
>> it's his clearly decision and he is responsible to secure it with key-only auth
>
> Sure these are options, which need to be evaluated against their pros and cons.
>
> For the 'Disable remote root login' option, this evaluation has been more positive than negative. Cases wherein it is negative, is mostly due to the tweaking that users would have to incorporate in their workflow, ex. explicitly enable remote root login after creating a new VM. This is easily doable because these users are fairly experienced ones. Idea is not to punish them for it, but to depend on their expertise rather than to expect that unknown users would/should know how to safe guard their systems.
>
> Overall this feature adds more value to Fedora, than its perceived short term cost.
I agree, from a basic security standpoint, that it's the simplest
change with the largest return on investment.
More information about the devel
mailing list