F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Volker Sobek
volker.sobek at ymail.com
Mon Jan 12 22:51:34 UTC 2015
Am Montag, den 12.01.2015, 17:20 +0000 schrieb P J P:
> > If you really want to improve security and mitigate BF attacks against root, do this:
> > A) do not run SSHD by default
>
> That's a non-option.
This is actually implemented in Workstation, i.e. the sshd.service is
not enabled by default when installing from the Workstation Live CD (or
any other live CD, I think). The explanation I once got for this can be
found in [0]. I guess this is also what most users of Workstation would
expect.
On the other hand, when using the server netinst image (which, despite
its name, is a generic installation image) to install Workstation, you
end up with an enabled sshd.service after installation.
Maybe this difference can be addressed together with what ever is
decided upon in this discussion? I think having some consistency here
would be good.
[0] https://bugzilla.redhat.com/show_bug.cgi?id=869848#c6
--
Volker
More information about the devel
mailing list