Abotu setting 'PermitRootLogin=no' in sshd_config
Scott Schmit
i.grok at comcast.net
Wed Nov 26 16:48:37 UTC 2014
On Tue, Nov 25, 2014 at 09:56:59AM -0500, Simo Sorce wrote:
> On Sat, 22 Nov 2014 08:24:32 +0000 (UTC) P J P wrote:
> > > On Saturday, 22 November 2014 1:39 AM, Richard W.M. Jones wrote:
> > >> On Fri, Nov 21, 2014 at 09:11:51AM +0100, Florian Weimer wrote:
> > >> The latter. We have to install authorized_keys inside the VM
> > >> anyway, so we can touch sshd_config, too.
> > >
> > > Virt-builder has a new '--ssh-inject' feature (in F22 only).
> > >
> > > $ virt-builder fedora-20 --ssh-inject root
> > >
> > > would inject your current ssh key into the root account of the new
> > > VM. There are other variations, including ways to create a non-root
> > > user account, see:
> > >
> > > http://libguestfs.org/virt-builder.1.html
> >
> > Excellent! :)
> >
> > So far the consensus seem that it is okay to reverse the current
> > default and set PermitRootLogin=no. I'll talk to the upstream
> > maintainer - plautrba(https://fedoraproject.org/wiki/User:Plautrba).
> >
> > Thank you.
>
> We can install machine w/o user accounts, removing the ability to log
> in as root via ssh means those machines will not be accessible.
>
> If you want to remove root access that should be conditionally done at
> firstboot only if a user account was created.
It seems to me that we could tweak this somewhat: "only if a user
account was created OR remote users have been configured"
--
Scott Schmit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3891 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141126/b17cd7dd/attachment.bin>
More information about the devel
mailing list