F22 System Wide Change: Set sshd(8) PermitRootLogin=no

David Woodhouse dwmw2 at infradead.org
Thu Feb 5 10:12:36 UTC 2015

On Mon, 2015-01-19 at 18:15 -0800, Adam Williamson wrote:
> Sure, I just meant it as a handy and clear demonstration of the 
> principle that if you can compromise the environment of a user with 
> sudo or other admin privileges, you're about 97% of the way to root in
> any case.

Right. Don't use sudo. For a server you're not physically sitting in
front of, you *definitely* want to log in as root instead of using sudo.

Please don't make this misguided change. Or if you must, make it
optional. Just a checkbox when setting the root password would suffice.

Or better still, make it possible not to set the root password at all,
if you don't want direct login as root. Use sudo for *everything*.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150205/6e6743c2/attachment-0001.bin>

More information about the devel mailing list