Firstboot query

Tomas Mraz tmraz at redhat.com
Tue Apr 27 18:43:34 UTC 2010


On Tue, 2010-04-27 at 19:08 +0100, Adam Williamson wrote: 
> On Tue, 2010-04-27 at 08:59 +0100, Tony Molloy wrote:
> > On Friday 23 April 2010 16:45:55 Adam Williamson wrote:
> > > On Fri, 2010-04-23 at 09:09 -0400, Kamil Paral wrote:
> > > > ----- "Tony Molloy" <tony.molloy at ul.ie> wrote:
> > > > > b. you can't ssh in as root over the network.
> > > > >
> > > > > So you have to login as an ordinary user, su to root, allow port 22
> > > > > through
> > > > > iptables and restart iptables.
> > > >
> > > > I believe this is a bug. AdamW or WWoods reported this issue I think,
> > > > didn't you?
> > > 
> > > I don't believe so, no. As Chris and Johann said, this was removed long
> > > ago and the simple answer is that the original reporter should be
> > > installing labs using a tool intended for the purpose.
> > 
> > Well I've just done a test install of Fedora 12 this morning and I was able to 
> > ssh in to the test machine as root immediately after firstboot. So since Fedora 
> > 12 was released less than 6 months ago I don't see how that feature could have 
> > been removed "long ago"
> > > 
> > > It's certainly not the case that we'd want anaconda to set up machines
> > > so you could ssh into them directly as root by default! That'd be a
> > > really bad idea.
> > > 
> 
> Well, seems like it could stand some investigation. I'm still fairly
> sure we _shouldn't_ allow remote ssh login as root by default, but it
> might be better to check it out with ssh maintainer or something...
This was always allowed with the reasoning that headless remote installs
without kickstart would not be otherwise possible.

If there is consensus that this install use-case should not be supported
anymore it would be possible to
a) disable ssh port in the firewall by default
b) do not start sshd by default
c) disallow root login in the sshd_config file

or any combination of the above.

In my opinion b) alone would be the best choice as this would make sshd
similar to other services.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
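
Added example, not part of the original message or of any Fedora tooling: a small checker for option c) that reads sshd_config text and reports every scope in which root login is still permitted. The function names, the sample configuration and the `default` parameter are assumptions made for illustration.

```python
import re

# Constructed sample, not taken from a real host.
SAMPLE_CONFIG = """\
Port 22
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin without-password
"""


def parse_root_login(text, default="yes"):
    """Return (global_value, [(match_criteria, value), ...]).

    sshd uses the first value it obtains for a keyword, so a later
    'PermitRootLogin no' does not override an earlier 'yes'.
    `default` stands in for the compiled-in default (assumption: the
    caller knows it; upstream OpenSSH used 'yes' before release 7.0).
    """
    global_value = None
    overrides = []       # first PermitRootLogin seen in each Match block
    block = None         # criteria of the current Match block, None = global
    block_done = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue     # blank lines and commented-out settings have no effect
        fields = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        keyword = fields[0].lower()                     # keywords are case-insensitive
        arg = fields[1].strip().strip('"') if len(fields) > 1 else ""
        if keyword == "match":
            block, block_done = arg, False
        elif keyword == "permitrootlogin":
            if block is None:
                if global_value is None:
                    global_value = arg.lower()
            elif not block_done:
                overrides.append((block, arg.lower()))
                block_done = True
    return (global_value or default), overrides


def root_login_findings(text, default="yes"):
    """List every scope whose effective value is anything other than 'no'."""
    global_value, overrides = parse_root_login(text, default)
    scopes = [("global", global_value)] + overrides
    return [f"{scope}: PermitRootLogin {value}"
            for scope, value in scopes if value != "no"]
```

On the sample, the second `PermitRootLogin no` line is ignored because the earlier `yes` wins, and `without-password` is reported because it still permits key-based root login.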


