SSHd
Arthur Pemberton
pemboa at gmail.com
Sun Aug 20 22:59:39 UTC 2006
On 8/20/06, dragoran <dragoran at feuerpokemon.de> wrote:
> Arthur Pemberton wrote:
> > On 8/20/06, Kostas Georgiou <k.georgiou at imperial.ac.uk> wrote:
> >> On Sun, Aug 20, 2006 at 12:54:30PM +0200, Christian Rose wrote:
> >>
> >> > On 8/19/06, Arthur Pemberton <pemboa at gmail.com> wrote:
> >> > >Why does FC ship openssh with sshd allowing root logins? And are
> >> there
> >> > >any plans to preempt the now routine sshd weak password hunting bots?
> >> >
> >> > IIRC, the idea was that you should not end up with being locked out of
> >> > a remote system if that system's /home NFS mount was somehow screwed
> >> > up. With allowing root to log in, you could still fix a remote system
> >> > using NFS-mounted home directories.
> >>
> >> Not to mention that kerberos/ldap/nis/whatever might be down so user
> >> logins might not be available.
> >>
> >> Anaconda, authconfig can ask questions at install time like:
> >> Allow root logins: [X] Local, [] Everywhere, [] By domain ..., etc.
> >> Allow user logins: [] Local, [X] Everywhere, [] By domain ..., etc.
> >> and setup an access.conf file.
> >>
> >
> > That seems like a just as good solution, esp. if that screen can be
> > skipped by a newbie, and have things default to 'safer' settings.
> >
> or add a extra tab to system-config-securitylevel
> >> Kostas
> >>
I would see an 'and' instead of an 'or' in that suggestion.
--
To be updated...
More information about the devel
mailing list