Abotu setting 'PermitRootLogin=no' in sshd_config
P J P
pj.pandit at yahoo.co.in
Thu Nov 27 13:06:30 UTC 2014
> On Thursday, 27 November 2014 4:49 PM, Reindl Harald wrote:
> so why not consider disable sshd at all and make a checkbox
> in Anaconda "ssh support yes/no" because after somebody says "yes"
> it's his clearly decision and he is responsible to secure it with key-only auth
Sure these are options, which need to be evaluated against their pros and cons.
For the 'Disable remote root login' option, this evaluation has been more positive than negative. Cases wherein it is negative, is mostly due to the tweaking that users would have to incorporate in their workflow, ex. explicitly enable remote root login after creating a new VM. This is easily doable because these users are fairly experienced ones. Idea is not to punish them for it, but to depend on their expertise rather than to expect that unknown users would/should know how to safe guard their systems.
Overall this feature adds more value to Fedora, than its perceived short term cost.
More information about the devel