F22 System Wide Change: Set sshd(8) PermitRootLogin=no

Dennis Gilmore dennis at ausil.us
Tue Jan 13 18:14:55 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 13 Jan 2015 12:51:41 -0500
Ben Cotton <bcotton at fedoraproject.org> wrote:

> On Tue, Jan 13, 2015 at 12:46 PM, Dennis Gilmore <dennis at ausil.us>
> wrote:
> > I could make that work but it is far from ideal as I would need to
> > make sure that its available over a network connection. For one I
> > would need to remember the url to the key so that it can be fetched.
> 
> That's not quite what I had in mind, but I wasn't entirely clear. My
> suggestion was that the text of the key itself would be provided, e.g.
> 
> --ssh-key="ssh-rsa AAAAB3N...ni31 bcotton at normal"
> 
> I'll grant that it's a little bit (a lot) ugly to do in a CLI, but it
> seems like a reasonable compromise between the various goals and
> constraints.

To me that is worse than giving a url where to fetch the key. it does
seem like a very good option for a kickstart install. I usually do
interactive installs but I do not trust that the console is secure I
take steps as soon as the install is done to tighten things up.
perhaps I should suck it up and just use kickstart. can you imagine
having to type the key into a box in an interactive install using vnc
over the internet? especially when that key is 8192 bits or bigger?

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJUtWCfAAoJEH7ltONmPFDRbkMP/RgREBXmYLSg35GUi3lD64rU
o+hg9zR84uYAAYIilr6SgMlCiCrETvYDw4a9Hxf9zhsVu3Ge2knh5eEeWn8POO1S
y1dvbmocSWKks0miYa/IgWsBUCBPcpnWXzVHPXBuT/VfjLMqyyveS+eL5ZzvV3nm
Gc1ok/+ciQYMIQVR45WA6yBUrSVErIsdUtrxj+cBv5Ts/NTSC/km1CGNxREJ2p12
U2+tAv4FE1juw+4jnuWPLrw76i7sIVEtFKHzZ3Cnyc51sgulGUbSVZsT7Yt5Rt3c
tm7ZFrGuLLWYcVZbJSUl47HdgFzPH8IGECF8VPiEoHV0Zy4Ia46WJ6x8VCc2NQu2
pzQrH2/BhAMKbgxKPipvYqvbWWRal2uijC1BXyQgbLWHhx6r5qZdqESmAD1ThfIz
FIynVJ/6oTh4lWM5QS4f7XnBmLjY2j/tuo9W400QfGMvGe+wHSJsiiWO0qDKhrmz
IqDO1Q4EkY7RMZgCxcAvKZ0wfKJqord0oQpQJxnPhjjWRo3g9aPlDCOAu+4jgmQ6
jXZqDmAjWiBEqfU9NdEpr+VnDy+pQ8FCeHlYH4foAh3YFZjsr+SilgobBD1Bp/lo
brzticiOHjE+7irNdRqMP+TmYgzzebIQNi6dM4u42QcC1fgwZNspf4qte4d6XI3o
MKJdwDaSxe98HkQfKCfW
=+AQZ
-----END PGP SIGNATURE-----

More information about the devel mailing list