Abotu setting 'PermitRootLogin=no' in sshd_config

Reindl Harald h.reindl at thelounge.net
Thu Nov 27 11:19:16 UTC 2014

Am 27.11.2014 um 12:13 schrieb P J P:
> Just because it is easy to infer non-root user names does not mean we tell people it is 'root'. Secondly, it might be easy for you to infer such names, not for everyone. The increased difficulty level that is added by not allowing remote root login could help to thwart lot of real & automated attacks.[1] Thirdly, it need not have to be entirely about security, it's also about picking the right default configuration. Same as disabling sshd(8) in Workstation by default. As Scott wrote above

so why not consider disable sshd at all and make a checkbox in Anaconda 
"ssh support yes/no" because after somebody says "yes" it's his clearly 
decision and he is responsible to secure it with key-only auth

i guess the answer will be "because too many options in the installer 
will harm" which i can't support - to less options IMHO harm forcing the 
user to look what is setup and how

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141127/1c1b8511/attachment.sig>

More information about the devel mailing list