F22 System Wide Change: Set sshd(8) PermitRootLogin=no

Dennis Gilmore dennis at ausil.us
Tue Jan 13 17:46:40 UTC 2015


On Tue, 13 Jan 2015 12:26:04 -0500
Ben Cotton <bcotton at fedoraproject.org> wrote:

> I updated the change page with a small change to the User Experience
> section. It now matches the effect of the updated proposal.
> 
> On Tue, Jan 13, 2015 at 11:34 AM, Dennis Gilmore <dennis at ausil.us>
> wrote:
> > I suspect that to properly support making changes here
> > it needs to be strongly tied into anaconda changes that manage the
> > initial sshd config file.
> 
> Would the ability to specify a public key (via the GUI or as a command
> line option) suit your needs? This seems like the simplest approach
> since it wouldn't require much logic, though it would still require
> changes to anaconda. This would still allow us to proceed with
> disabling password-based root login, but give users the option to keep
> from locking themselves out of a remote machine post-install.

I could make that work but it is far from ideal as I would need to make
sure that it's available over a network connection. For one I would need
to remember the URL to the key so that it can be fetched. Currently I
set a password, run ssh-copy-id, then ssh in and change the root
password to a more secure one. While I can VNC in to the console I
don't trust it to be secure, especially when I am doing it to machines
out on the internet.

Dennis

