Heads up - Anaconda 22.17 will enforce 'good' passwords
Scott Robbins
scottro at nyc.rr.com
Sun Feb 1 02:57:31 UTC 2015
On Sat, Jan 31, 2015 at 09:21:45PM -0500, Richard Ryniker wrote:
> Recapitiulation:
>
> A security problem was recognized because the ssh daemon is enabled by
> default on Fedora systems: with a weak root password, a remote attacker
> might easily obtain unlimited access.
>
> The direct solution would seem to be a change to the ssh daemon to
> prohibit root login in its default configuration, but allow
> post-installation change to sshd to permit this where it is desirable.
Coming from a FreeBSD background, where that is the default, that makes
more sense to me, admittedly, just one person's opinion. It's actually
more likely to stop this theoretical newcomer from leaving their system
open.
--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
More information about the test
mailing list