On Thu, Dec 04, 2014 at 10:00:54AM -0500, Miloslav Trmač wrote:
> For 1), just use the BIOS password and boot into single-user mode
> (which then must be configured not to ask for a password), or perhaps
> into a special variant of the standard multi-user mode (so that
> networking and the IPA client works) with an unauthenticated root
> shell open. This would break for servers with no or difficult
> physical access and no KVM/serial console set up; is that a frequent
> and significant case?

I don't think it's a significant use case for servers that aren't being
installed via kickstart, where there's the opportunity to configure or
open up _whatever_.

> For 2), use the same user name you use on the host or your other
> computers, and set up sudo to give this user in the guest full
> control. This could, if we can automate the sudo part, even be more
> convenient: “ssh hostname” now works without having to prepend root@,
> or having to add such a configuration to ssh_config.

We already pretty much do this.

> So I guess the long-term ideal would be to stop talking about the
> “root password” altogether (i.e. have an anaconda install end up with
> root password authentication disabled, and for “the” administrator,
> set up sudo to be authenticated with their own, not root’s
> nonexistent, password), and to stop recommending _any_ log ins
> directly to the root account. That would also implicitly resolve the
> sshd discussion.

Yes, although I'd argue that in this case it's _more_ important to set
the default to deny, because if everyone assumes that root just can't
get in, it's a cheap back-door to just set a password and hope no one
notices.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
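
Added example, not part of the original message or of any Fedora tooling: a small audit for the case raised in the last reply, where root is assumed to have no password but one has been set quietly. The sample file contents are constructed, the function names are hypothetical, and the `default` argument is an assumption standing in for the compiled-in `PermitRootLogin` default of the OpenSSH build in use.

```python
# Constructed sample /etc/shadow contents (not from a real host).
SHADOW_LOCKED = "root:!!:16408:0:99999:7:::\nalice:$6$salt$hash:16408:0:99999:7:::\n"
SHADOW_BACKDOOR = "root:$6$salt$hash:16408:0:99999:7:::\nalice:!!:16408:0:99999:7:::\n"


def root_password_usable(shadow_text):
    """True if root's shadow entry holds a usable (or empty) password."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == "root":
            # A leading '!' or '*' means no typed password can ever match.
            return not fields[1].startswith(("!", "*"))
    return False  # no root entry at all


def sshd_permit_root_login(config_text, default):
    """Global PermitRootLogin value; sshd keeps the first value it reads."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ").split()
        key = parts[0].lower()
        if key == "match":
            break  # simplification: only the global section is considered
        if key == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return default


def audit(shadow_text, config_text, default="yes"):
    """Return findings; an empty list means root has no password path in."""
    findings = []
    usable = root_password_usable(shadow_text)
    permit = sshd_permit_root_login(config_text, default)
    if usable:
        findings.append("root has a usable password")
    if permit == "yes":
        findings.append("sshd accepts root password logins")
    if usable and permit == "yes":
        findings.append("root password is reachable over ssh")
    return findings
```

With sshd set to deny, a quietly set root password still shows up as a finding but is not reachable over ssh; with the default left open, the same password becomes a remote login.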