Hi,
I ran into this "fun" hack https://news.ycombinator.com/item?id=19642554 and I'm wondering whether it'd be a good idea for F31 to ship with:
#AllowAgentForwarding no #PasswordAuthentication no
Cockpit provides an interface to add SSH public keys for a while now. However the installer doesn't require creation of an admin user, it's an option.
Related to that, I'd like to see the installer: a. Require creation of a non-root user with "Make this user administrator" checked by default b. Root user has "Lock root account" checked by default
When I check "lock root account" and return to the installation overview, it shows for root user that logins are disabled, so it's not like the person doing the install has to go dig around for the fact root user will be disabled. And they can easily uncheck it and set a password.
Any thoughts?