On Wednesday, 12 May 2021 23:35:44 EEST Ben Cotton wrote:
> * it has been suggested that making it easier to import SSH keys from
>   popular code hosting platforms (Pagure, GitHub, GitLab, etc.) could
>   provide a nice alternative to the dropped option -

Make a plugin interface for adding additional methods to obtain public keys, as
there are a lot of different sources for those. Fedora itself has tools for PKI
and public-key-based security, and it would be quite a low-hanging fruit to fill
the gap between those components in cases like this.

The problem itself is an old one and there are known solutions for it:
https://en.wikipedia.org/wiki/Public_key_infrastructure

Maybe that plugin slot should have some callbacks to information for the user
interface - like hierarchical selection of country/organization and UI labels
to build a user interface for the user, allowing them to select the right
source of keys.

For example, my public key is available from a public source:

    ldapsearch -x -h ldap.fineid.fi -b dmdName=fineid,c=fi serialnumber=10000350X usercertificate

and the response:
usercertificate;binary:: MIIHMjCCBRqgAwIBAgIEO8QJwTANBgkqhkiG9w0BAQsFADCBlDELM
AkGA1UEBhMCRkkxITAfBgNVBAoTGFZhZXN0b3Jla2lzdGVyaWtlc2t1cyBDQTEkMCIGA1UECxMbVm
FsdGlvbiBrYW5zYWxhaXN2YXJtZW50ZWV0MTwwOgYDVQQDEzNWUksgR292LiBDQSBmb3IgQ2l0aXp
lbiBRdWFsaWZpZWQgQ2VydGlmaWNhdGVzIC0gRzIwHhcNMTYwNjE0MDkxMzAxWhcNMjEwNjEzMjA1
.
.
.

Ideally I would just choose the country and trust provider and insert my unique
serial number, and tadaa - root access granted. Now I have to do that
manually.

The change itself is needed; take a look at what happens in your
network-connected host's /var/log/secure - it's a constant flow of intrusion
attempts.

Tuju
--
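
Added example, not part of the original message and not Fedora or Anaconda code: a parser for the kind of ldapsearch (LDIF) response shown above, which unfolds the wrapped lines, decodes the base64 `usercertificate` value and rejects a value whose DER length header does not match, as a truncated copy would. The function names and the sample data are this example's own assumptions; the sample is a constructed placeholder, not a real certificate.

```python
import base64
import ssl

def unfold_ldif(text):
    """Join RFC 2849 folded lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def der_total_length(der):
    """Total size claimed by the outer DER SEQUENCE header, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:                      # short form: length fits in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def certificates_from_ldif(text, attr="usercertificate"):
    """Return DER blobs for attr; raise ValueError on truncated or non-DER values."""
    certs = []
    for line in unfold_ldif(text):
        name, _, rest = line.partition(":")
        # "attr;binary:: <base64>": options follow ';', a second ':' marks base64
        if name.split(";")[0].lower() != attr or not rest.startswith(":"):
            continue
        der = base64.b64decode(rest[1:].strip(), validate=True)
        if der_total_length(der) != len(der):
            raise ValueError("certificate value is truncated or not DER")
        certs.append(der)
    return certs

# Constructed sample: a DER SEQUENCE header plus 256 zero bytes (not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

def make_sample_ldif(der):
    """Fold the sample at 76 columns, the way ldapsearch prints long values."""
    line = "usercertificate;binary:: " + base64.b64encode(der).decode()
    folded = [line[:76]] + [" " + line[i:i + 75] for i in range(76, len(line), 75)]
    return "dn: cn=example\n" + "\n".join(folded) + "\n"

if __name__ == "__main__":
    for der in certificates_from_ldif(make_sample_ldif(SAMPLE_DER)):
        print(ssl.DER_cert_to_PEM_cert(der))
```

The PEM output is only a container: the certificate still has to be verified against the issuing CA, for example with `openssl verify`, before any key taken from it is trusted for login.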