F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Mike Pinkerton
pselists at mindspring.com
Mon Jan 12 15:16:36 UTC 2015
On 12 Jan 2015, at 03:56, P J P wrote:
> Hello,
>
>> On Sunday, 11 January 2015 2:27 PM, Peter Robinson wrote:
>>>> Earlier in the discussions I was told that this is not really an
>>>> issue: in
>>>> production, about every server with remote access also has a KVM.
>>>
>>> Often not the case in small business or third party hosted
>>> environments.
>>> Without remote ssh, box is unmanageable.
>>>
>>> Even if you want to do key-based authentication rather than
>>> password, you
>>> still need to use password initially to get the key onto the
>>> remote box.
>>
>> If you use cloud-init you can specify an initial public key that it
>> inserts against, or even auto enrol it in a central auth system like
>> IPA and hence not ever need a password.
>
> So, the major issue(or blocker should we say?) is the virtualized
> deployments. If there is no solution in sight, maybe last resort is
> to enable remote root login, possibly in the '%post' install
> section of the kick-start file.
Not just virtualized deployments, but also in remote installs on bare
metal.
--
Mike Pinkerton
More information about the devel
mailing list