On Mon, 2019-04-15 at 16:31 +0200, Martin Kolman wrote:
On Fri, 2019-04-12 at 13:33 -0600, Chris Murphy wrote:
Hi,
I ran into this "fun" hack https://news.ycombinator.com/item?id=19642554 and I'm wondering whether it'd be a good idea for F31 to ship with:
#AllowAgentForwarding no
#PasswordAuthentication no
Cockpit has provided an interface to add SSH public keys for a while now. However, the installer doesn't require creation of an admin user; it's an option.
This is not entirely correct. During a "normal" installation from network or DVD, Anaconda, both interactive and kickstart, does require one of:
- a root user account with password set
- a user in the wheel group
If either of those is satisfied - or both - the installation can proceed.
Note that this does not check for the root/user account being locked. Apparently Anaconda is just fine with a system that only has a root account with password set, which is locked. I guess this could still be considered fine for some use cases?
It is only in the special case of the live installation that we allow the installation to proceed without the above condition (root with password/user in wheel group), due to the root and user configuration spokes being disabled.
A slight correction, I mean the Fedora Workstation live. The other Fedora live spins AFAIK have the root & user configuration screens.
Related to that, I'd like to see the installer:
a. Require creation of a non-root user with "Make this user administrator" checked by default
b. Root user has "Lock root account" checked by default
When I check "lock root account" and return to the installation overview, it shows for root user that logins are disabled, so it's not like the person doing the install has to go dig around for the fact root user will be disabled. And they can easily uncheck it and set a password.
Any thoughts?
--
Chris Murphy
_______________________________________________
server mailing list -- server@lists.fedoraproject.org
To unsubscribe send an email to server-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org
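The gap described in the thread above (a root account whose password is set but locked still satisfies the installer's condition), as an added example that is not part of the original messages and is not Anaconda's code. Assumptions: the function names are hypothetical, a lock is represented by a leading "!" in the shadow password field as passwd -l writes it, and only supplementary wheel membership from /etc/group is considered.

```python
# Added example; all account data below is constructed, not from a real system.

def parse_shadow(text):
    """Map user name -> password field from /etc/shadow-style lines."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= 2:
            fields[parts[0]] = parts[1]
    return fields

def wheel_members(group_text):
    """Supplementary members of the wheel group from /etc/group-style lines."""
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4 and parts[0] == "wheel":
            return [m for m in parts[3].split(",") if m]
    return []

def has_password(field):
    """True if a hash is present, whether or not it is locked ('!' prefix)."""
    return field.lstrip("!") not in ("", "*")

def is_locked(field):
    return field.startswith("!")

def installer_condition(shadow, group_text):
    """Condition as described in the thread: root has a password OR a wheel user exists."""
    return has_password(shadow.get("root", "*")) or bool(wheel_members(group_text))

def usable_admin(shadow, group_text):
    """Stricter check (assumption): some admin account has an unlocked password."""
    def usable(user):
        field = shadow.get(user, "*")
        return has_password(field) and not is_locked(field)
    return usable("root") or any(usable(u) for u in wheel_members(group_text))

# Constructed case from the thread: root password set but locked, no wheel user.
LOCKED_ROOT_SHADOW = parse_shadow(
    "root:!$6$salt$hash:18000:0:99999:7:::\nbin:*:18000:0:99999:7:::")
NO_WHEEL_GROUP = "root:x:0:\nwheel:x:10:\n"
```

On the constructed input, installer_condition() passes while usable_admin() does not, which is the case the thread points out.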