F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Milan Keršláger
milan.kerslager at pslib.cz
Mon Jan 12 09:40:47 UTC 2015
No, this is not good idea as I wrote few minutes ago because it does not
improve security, it just provide feeling of better security, see:
https://en.wikipedia.org/wiki/Security_through_obscurity
I wonder why no-one responded like me, because this was discussed many
times ago. Well maybe many times since 1995 (when SSH was born) and
maybe I'm a little bit old so I read it many times again and again.
It seems like SSH does not make padding sufficiently, but this changes
nothing on what I wrote.
Disabling root loging does not solve the problem and it profides only
false feeling of security.
M.K.
Dne 12.1.2015 v 09:56 P J P napsal(a):
> Hello,
>
>> On Sunday, 11 January 2015 2:27 PM, Peter Robinson wrote:
>>>> Earlier in the discussions I was told that this is not really an issue: in
>>>> production, about every server with remote access also has a KVM.
>>> Often not the case in small business or third party hosted environments.
>>> Without remote ssh, box is unmanageable.
>>>
>>> Even if you want to do key-based authentication rather than password, you
>>> still need to use password initially to get the key onto the remote box.
>> If you use cloud-init you can specify an initial public key that it
>> inserts against, or even auto enrol it in a central auth system like
>> IPA and hence not ever need a password.
> So, the major issue(or blocker should we say?) is the virtualized deployments. If there is no solution in sight, maybe last resort is to enable remote root login, possibly in the '%post' install section of the kick-start file.
>
> Does it seem like an appropriate solution?
> ---
> Regards
> -Prasad
> http://feedmug.com
--
Milan Keršláger
http://www.pslib.cz/ke/
http://www.nti.tul.cz/wiki/Milan.Kerslager
More information about the devel
mailing list