F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Simo Sorce
simo at redhat.com
Wed Jan 14 17:14:21 UTC 2015
On Wed, 14 Jan 2015 16:54:09 +0000 (UTC)
P J P <pj.pandit at yahoo.co.in> wrote:
> Hi,
>
> > On Wednesday, 14 January 2015 8:01 PM, Simo Sorce wrote:
> > Ok, I state my opposition to without-password too unequivocally
> > here. Mostly because it is just the same as 'no', given there is no
> > way, in a regular install to seed a key into the root account.
> >
> > Except you have no mechanism to inject a key at installation time,
>
>
> Sure. Could you please elaborate how would you like this key to be
> injected into the 'root' account? Feature page does have a listed
> workflow change:
>
> "Anaconda installer OR maybe OpenSSH package needs to create
> initial set of authentication keys for 'root' user."
Sorry,
but what is the point of this operation, wrt auth with keys issue?
> It'll help if you could add your details to the ether pad, for
> later reference.
>
> here -> https://www.piratepad.ca/p/ssh-remoterootloigin
>
>
> > The intention may be not, then I'll call it poor execution/planning
> > and still oppose this move *at this time* unless there is proof we
> > address the usability problem first.
>
> We are still in the proposal state, not execution yet. IMO, before
> we request the respective upstream developers to provide the needed
> functionality, we need to state and agree on the usability
> requirements. That'll be useful in the evaluation of the feature by
> the FES committee too. Otherwise it's a chicken-and-egg problem.
It *is* a chicken-egg issue to some degree.
> I'd request all (those who are opposing) to describe their
> requirements in the etherpad page above.
Being able to authenticate as root right after installation would be
the requirement for me.
Simo.
--
Simo Sorce * Red Hat, Inc * New York