Abotu setting 'PermitRootLogin=no' in sshd_config

Simo Sorce simo at redhat.com
Tue Nov 25 14:56:59 UTC 2014


On Sat, 22 Nov 2014 08:24:32 +0000 (UTC)
P J P <pj.pandit at yahoo.co.in> wrote:

> > On Saturday, 22 November 2014 1:39 AM, Richard W.M. Jones wrote:
> >> On Fri, Nov 21, 2014 at 09:11:51AM +0100, Florian Weimer wrote:
> >> The latter.  We have to install authorized_keys inside the VM
> >> anyway, so we can touch sshd_config, too.
> > 
> > Virt-builder has a new '--ssh-inject' feature (in F22 only).
> > 
> >   $ virt-builder fedora-20 --ssh-inject root
> > 
> > would inject your current ssh key into the root account of the new
> > VM. There are other variations, including ways to create a non-root
> > user account, see:
> > 
> > http://libguestfs.org/virt-builder.1.html
> 
> >
> 
>   Excellent! :)
> 
> 
> So far the consensus seem that it is okay to reverse the current
> default and set PermitRootLogin=no. I'll talk to the upstream
> maintainer - plautrba(https://fedoraproject.org/wiki/User:Plautrba).
> 
> Thank you.

We can install machine w/o user accounts, removing the ability to log
in as root via ssh means those machines will not be accessible.

If you want to remove root access that should be conditionally done at
firstboot only if a user account was created.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


More information about the devel mailing list