On 25/11/14 08:04, P J P wrote:
Hello Tomas, all
> On Monday, 24 November 2014 6:27 PM, Tomas Mraz wrote:
> The reason the root login with password was kept allowed was the support
> for vnc installation without kickstart as it was previously impossible
> to create regular user in anaconda. Now that anaconda allows to create
> regular user accounts we could disable sshd root login with password. We
> just need to properly advertise that.
True; that's manageable.
> The only remaining problem is for systems which have been installed
> previously and have only root login and someone upgrades them to new
> Fedora release. Here the system would be made inaccessible by the
> openssh-server rpm upgrade from the old Fedora to F22.
>
> I am afraid there is no easy solution for the problem above.
Ummn for Fedora upgrades, maybe in OpenSSH %post install section we could display a
bold warning message about this change, so that the user is aware of it. This message
could be removed in the subsequent updates to the OpenSSH package.
---
Regards
-Prasad
http://feedmug.com
--
security mailing list
security(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/security Hi All,
Are we talking here physical releases ? Or just infra or just best
advice for people ? I fear that if we do disable SSH root logins, this
will make some people's lives a lot harder. But could somebody please be
so kind to clarify what exactly we are considering here ?
Thank you.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org