On 11/24/2014 03:49 PM, Richard Z wrote:
On Mon, Nov 24, 2014 at 02:02:59PM +0100, Petr Lautrbach wrote:
> On 11/24/2014 01:57 PM, Tomas Mraz wrote:
>> On Po, 2014-11-24 at 12:37 +0000, P J P wrote:
...
>> The only remaining problem is for systems which have been
installed
>> previously and have only root login and someone upgrades them to new
>> Fedora release. Here the system would be made inaccessible by the
>> openssh-server rpm upgrade from the old Fedora to F22.
>>
>> I am afraid there is no easy solution for the problem above.
>>
>
> I think it's ok for upgrade between versions if it's promoted as a
> Fedora Feature.
removing root ssh with password is probably a good thing but admins who
configured ssh with public-key auth probably have done that after spending
a few thoughts on it and should not be shot in their feet so quickly.
I agree. It should be documented at least in Fedora release notes and as
a Fedora Feature preferably accepted by FESCO.
However it would effectively affect only those admins who haven't
touched /etc/ssh/sshd_config file given that this file is marked as
%config(noreplace).
Petr
--
Petr Lautrbach