[CHANGE PROPOSAL] The securetty file is empty by default

Reindl Harald h.reindl at thelounge.net
Wed Apr 2 17:37:01 UTC 2014

Am 02.04.2014 19:29, schrieb Chris Adams:
> Once upon a time, Jaroslav Reznik <jreznik at redhat.com> said:
>> ----- Original Message -----
>>> [CHANGE PROPOSAL] The securetty file is empty by default
>>> All the info has been sitting here @
>>> https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default
>>> since March 20th.
>>> Did I mess something up? Or is there just a backlog?
>> Backlog. But for this one, I'd really like to see some discussion
>> in advance of the real announcement. So thank you for this email.
> I'd be opposed to locking root out of the console login (having spent
> today at work tracking down miscellaneous VMs with only a root user
> created)


a golden-master for a virtual infrastructure usually do not
have any other login user because which one is decided after
clone and intention of the final machine instead some generic

> Fedora still allows root SSH logins by default; how is that more secure
> than the console?

it is not but disable that in a default install makes nothing more secure
the only secure SSH setup is that one where no password login is allowed
and that is a chicken/egg problem not solveable at setup

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140402/b67a898c/attachment-0001.sig>

More information about the devel mailing list