About sshd(8) PermitRootLogin=no
Petr Lautrbach
plautrba at redhat.com
Mon Nov 24 15:02:48 UTC 2014
On 11/24/2014 03:49 PM, Richard Z wrote:
> On Mon, Nov 24, 2014 at 02:02:59PM +0100, Petr Lautrbach wrote:
>> On 11/24/2014 01:57 PM, Tomas Mraz wrote:
>>> On Po, 2014-11-24 at 12:37 +0000, P J P wrote:
...
>>> The only remaining problem is for systems which have been installed
>>> previously and have only root login and someone upgrades them to new
>>> Fedora release. Here the system would be made inaccessible by the
>>> openssh-server rpm upgrade from the old Fedora to F22.
>>>
>>> I am afraid there is no easy solution for the problem above.
>>>
>>
>> I think it's ok for upgrade between versions if it's promoted as a
>> Fedora Feature.
>
> removing root ssh with password is probably a good thing but admins who
> configured ssh with public-key auth probably have done that after spending
> a few thoughts on it and should not be shot in their feet so quickly.
>
I agree. It should be documented at least in Fedora release notes and as
a Fedora Feature preferably accepted by FESCO.
However it would effectively affect only those admins who haven't
touched /etc/ssh/sshd_config file given that this file is marked as
%config(noreplace).
Petr
--
Petr Lautrbach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/security/attachments/20141124/76b5311b/attachment.sig>
More information about the security
mailing list