About sshd(8) PermitRootLogin=no

Tristan Santore tristan.santore at internexusconnect.net
Tue Nov 25 10:45:32 UTC 2014


On 25/11/14 08:04, P J P wrote:
>    Hello Tomas, all
>
>> On Monday, 24 November 2014 6:27 PM, Tomas Mraz wrote:
>> The reason the root login with password was kept allowed was the support
>> for vnc installation without kickstart as it was previously impossible
>> to create a regular user in anaconda. Now that anaconda allows creating
>> regular user accounts we could disable sshd root login with password. We
>> just need to properly advertise that.
>   True; that's manageable.
>
>> The only remaining problem is for systems which have been installed
>> previously and have only root login and someone upgrades them to new
>> Fedora release. Here the system would be made inaccessible by the
>> openssh-server rpm upgrade from the old Fedora to F22.
>>
>> I am afraid there is no easy solution for the problem above.
>
>   Ummn for Fedora upgrades, maybe in the OpenSSH %post install section we could display a bold warning message about this change, so that the user is aware of it. This message could be removed in the subsequent updates to the OpenSSH package.
>
> ---
> Regards
>    -Prasad
> http://feedmug.com
Hi All,

Are we talking here physical releases? Or just infra or just best
advice for people? I fear that if we do disable SSH root logins, this
will make some people's lives a lot harder. But could somebody please be
so kind as to clarify what exactly we are considering here?

Thank you.

Regards,

Tristan

-- 

Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore at fedoraproject.org
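
Added example, not part of the original message or of the Fedora openssh package: a pre-upgrade check for the lockout case raised in the quoted thread, where a host has only a root login and the upgrade turns root login off. The function names, the UID 1000 cut-off for regular accounts and the sample files are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: pre-upgrade lockout check for the scenario in the thread.
# Assumptions (not from the thread): regular accounts start at UID 1000, and
# an unset PermitRootLogin means the old default (root password login allowed).

# Explicit global PermitRootLogin value, or "unset". sshd uses the first value
# it finds for a keyword, and the global section ends at the first Match line.
root_login_setting() {
    awk '{
        line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/)
        key = tolower(f[1])
        if (key == "match") exit
        if (key == "permitrootlogin") { print tolower(f[2]); found = 1; exit }
    } END { if (!found) print "unset" }' "$1"
}

# Number of non-root accounts that have a login shell in a passwd-format file.
login_user_count() {
    awk -F: '$3 >= 1000 && $7 !~ /(nologin|false)$/ { n++ } END { print n + 0 }' "$1"
}

# Args: sshd_config path, passwd path. Returns 1 when an upgrade that turns
# root login off would leave nobody able to log in over ssh.
lockout_risk() {
    setting=$(root_login_setting "$1")
    case "$setting" in
        yes|unset) ;;   # root password login is what works today
        *) echo "ok: PermitRootLogin already '$setting'"; return 0 ;;
    esac
    if [ "$(login_user_count "$2")" -eq 0 ]; then
        echo "RISK: root is the only login account (PermitRootLogin $setting)"
        return 1
    fi
    echo "ok: a regular login account exists"
}

# Constructed sample files standing in for /etc/ssh/sshd_config and /etc/passwd.
demo_dir=$(mktemp -d)
printf '#PermitRootLogin yes\nPasswordAuthentication yes\n' > "$demo_dir/sshd_config"
printf 'root:x:0:0:root:/root:/bin/bash\nsshd:x:74:74::/var/empty/sshd:/sbin/nologin\n' > "$demo_dir/passwd"
lockout_risk "$demo_dir/sshd_config" "$demo_dir/passwd" || true
```

An account with a login shell may still have no usable password or key, so an "ok" result shows only that a candidate account exists, not that it can authenticate.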


