On Sat, 2021-05-15 at 17:53 +0200, Ralf Corsepius wrote:
On 5/14/21 2:50 PM, Martin Kolman wrote:
> On Thu, 2021-05-13 at 20:09 +0200, Peter Boy wrote:
> > We discussed that in the Fedora Server Edition Working Group and
> > opted to leave it as is for the Server installation iso. A lot of
> > servers are running in a protected environment. And there are
> > situations when you need urgent access but do not sit at your
> > desktop and don’t have the key available. So let the server admin
> > decide what is best in a given installation context. In most cases
> > it is the current default (disallow password login)
> Do those server deployments not have any user accounts other than
> root? Creating a non-root user account, possibly with admin rights (all
> possible from within Anaconda) would seem like a safer option for
> occasional/emergency password based access to such machines over
> SSH.
I don't see how this would be any safer than directly using "root".
As far as I understand the original change in upstream OpenSSH, it's
about only having to remotely guess a password to gain access to the
root account.
In comparison, to remotely attack a user account you need to guess both
the user name *and* password, making the potential search space quite a
bit larger (provided the user name is reasonably unique).
Ralf