About sshd(8) PermitRootLogin=no
Simo Sorce
simo at redhat.com
Tue Dec 16 15:49:07 UTC 2014
On Mon, 24 Nov 2014 12:37:24 +0000 (UTC)
P J P <pj.pandit at yahoo.co.in> wrote:
> Hello,
>
> Please see
> -> https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no
>
> Last week this was discussed in the FST meeting and on the
> fedora-devel list subsequently. General consensus seems to be that it
> is okay to disable remote 'root' login via sshd(8). Above feature
> request is for the same.
>
> If you have any comments/suggestions/inputs, please feel free share
> them or edit the feature page as required.
As said before this is not ok, it must be conditional to whether or not
a user has been created during the install.
If you cannot make it conditional then this feature should not proceed,
as it will simply break stuff for questionable gains in perceived
security.
After all, only power-users should use SSH so you could as well propose
we do not even start sshd by default. But we do, because it is used, so
breaking it is not a good idea.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the security
mailing list