[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

About sshd(8) remote root login feature & Anaconda UI support

   Hello all,

Please see:
   -> https://www.piratepad.ca/p/ssh-remoterootloigin
   -> https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no
   -> https://lists.fedoraproject.org/pipermail/devel/2015-January/206157.html

This is a F22 feature that proposes to restrict remote 'root' access via ssh,
by setting the "PermitRootLogin=without-password" option in default sshd(8)

- As result, one would require at least one non-root user account to be
created at install time.

- And if a user does not want to create non-root account, a provision needs
to be made to enable remote root access by setting 'PermitRootLogin=Yes'
in the sshd(8) configuration.

- Additionally, one might wish to add the ssh keys at installation time.
It seems similar function is provided by cloud-init tool.

Though many agree that it is a useful change and usage of ssh keys for
authentication offers more long term benefits, major contention is that this
change would break user experience and should have support in Anaconda UI
to enable remote root access.

Could a CheckBox be added to the Anaconda installation workflow, which would
be used to enable remote root access, by setting PermitRootLogin='Yes'.
Something like:

    sshd(8) server has restricted remote 'root' access via ssh keys
    authentication only. This could potentially lock you out of the system,
    unless you have created a non-root account or have configured ssh keys
    for authentication. Would you like to enable remote 'root' access via
    password authentication?

    [] Enable remote root access via password.

This is one of the suggestion, the feature page lists few more workflow
changes that are deemed necessary. I'm not sure how easy or difficult it
is to implement these changes.

Could someone please help us with the implementation of these changes?
If so, should RFE bugs be filed for these changes?? I'm willing to
help in any way I could.

If you have any comments or suggestions about the proposed feature and/or
accompanying workflow changes, they are most welcome.

Thank you.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]