On Sat, 2015-01-31 at 21:21 -0500, Richard Ryniker wrote:
Recapitulation:
A security problem was recognized because the ssh daemon is enabled
by default on Fedora systems: with a weak root password, a remote
attacker might easily obtain unlimited access.
This is not quite correct; it should say 'some Fedora systems'.
The direct solution would seem to be a change to the ssh daemon to
prohibit root login in its default configuration, but allow post-
installation change to sshd to permit this where it is desirable.
The reason we didn't do this - which was the initial Change proposal -
is that we don't have a solid mechanism for deploying any *other* ssh
authentication mechanism (i.e. a gpg key) at install time. The 'ssh up
with password login enabled' configuration exists because _people use
it_ - they deploy systems in remote locations which they then need to
log in to, and 'ssh to it with a password' is really the only way we
offer to do this OOTB (unless you have AD/FreeIPA management set up).
Ultimately, this indirect solution is weak. Users are likely to
supply an acceptable root password during installation, then change
it to what they desire after installation.
Well, that's a possibility, but I don't think I've seen any evidence
of it (as cmurf has pointed out we also have no data about the
prevalence of weak passwords or attacks on default-configured Fedora
systems, though).
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net