On Fri, Nov 21, 2014 at 12:41 PM, P J P pj.pandit@yahoo.co.in wrote:
Hello,
Sshd(8) daemon by default allows remote users to login as root.
- Is that really necessary?
- Lot of users use their systems as root, without even creating a non-root user. Such practices need to be discouraged, not allowing remote root login could be useful in that.
Does it make sense to disable remote root login by default? If so, do we need to just report it to the maintainer or it would be treated as a feature?
Being a Fedora user on my personal machine as well as maintainer of a few Fedora machines in production environment, I would gladly welcome this. Many people do disable root login anyway. Having it default would be a positive step from security stand point.