[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSHd



On 8/20/06, dragoran <dragoran feuerpokemon de> wrote:
Arthur Pemberton wrote:
> On 8/20/06, Kostas Georgiou <k georgiou imperial ac uk> wrote:
>> On Sun, Aug 20, 2006 at 12:54:30PM +0200, Christian Rose wrote:
>>
>> > On 8/19/06, Arthur Pemberton <pemboa gmail com> wrote:
>> > >Why does FC ship openssh with sshd allowing root logins? And are
>> there
>> > >any plans to preempt the now routine sshd weak password hunting bots?
>> >
>> > IIRC, the idea was that you should not end up with being locked out of
>> > a remote system if that system's /home NFS mount was somehow screwed
>> > up. With allowing root to log in, you could still fix a remote system
>> > using NFS-mounted home directories.
>>
>> Not to mention that kerberos/ldap/nis/whatever might be down so user
>> logins might not be available.
>>
>> Anaconda, authconfig can ask questions at install time like:
>>  Allow root logins: [X] Local, [] Everywhere, [] By domain ..., etc.
>>  Allow user logins: [] Local, [X] Everywhere, [] By domain ..., etc.
>> and setup an access.conf file.
>>
>
> That seems like a just as good solution, esp. if that screen can be
> skipped by a newbie, and have things default to 'safer' settings.
>
or add a extra tab to system-config-securitylevel
>> Kostas
>>

I would see an 'and' instead of an 'or' in that suggestion.

--
To be updated...


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]