Abotu setting 'PermitRootLogin=no' in sshd_config
Simo Sorce
simo at redhat.com
Tue Nov 25 15:37:43 UTC 2014
On Tue, 25 Nov 2014 08:23:22 -0700
Kevin Fenzi <kevin at scrye.com> wrote:
> On Tue, 25 Nov 2014 09:56:59 -0500
> Simo Sorce <simo at redhat.com> wrote:
>
> > We can install machine w/o user accounts, removing the ability to
> > log in as root via ssh means those machines will not be accessible.
>
> This has been the reason this hasn't been changed the last few times
> someone proposed to change it.
>
> I don't know how many folks do installs with no user config, but it's
> definitely possible right now and that could mean they wouldn't be
> able to reach their instance. We could of course change that so
> creating a new user is forced, but I'm really not sure it's that much
> advantage.
My machines get joined to an IPA domain as soon as they are finished
installing, I do *not* want a local user, it would be a liability.
> > If you want to remove root access that should be conditionally done
> > at firstboot only if a user account was created.
>
> This seems a more reasonable place to look to change this, I agree.
>
> kevin
--
Simo Sorce * Red Hat, Inc * New York
More information about the devel
mailing list