Abotu setting 'PermitRootLogin=no' in sshd_config
Nico Kadel-Garcia
nkadel at gmail.com
Wed Nov 26 01:06:13 UTC 2014
On Tue, Nov 25, 2014 at 10:23 AM, Kevin Fenzi <kevin at scrye.com> wrote:
> On Tue, 25 Nov 2014 09:56:59 -0500
> Simo Sorce <simo at redhat.com> wrote:
>
>> We can install machine w/o user accounts, removing the ability to log
>> in as root via ssh means those machines will not be accessible.
>
> This has been the reason this hasn't been changed the last few times
> someone proposed to change it.
>
> I don't know how many folks do installs with no user config, but it's
> definitely possible right now and that could mean they wouldn't be able
> to reach their instance. We could of course change that so creating a
> new user is forced, but I'm really not sure it's that much advantage.
>
>> If you want to remove root access that should be conditionally done at
>> firstboot only if a user account was created.
>
> This seems a more reasonable place to look to change this, I agree.
>
> kevin
No user config *and no console access* is where it breaks down. Most
people who run real servers use either virtualization, which provides
a form of console access, or remote KVM's, or have hands and eyes.
More information about the devel
mailing list