On 6 October 2016 at 09:07, Jon Stanley jonstanley@gmail.com wrote:
On Thu, Oct 6, 2016 at 8:24 AM, Stephen Gallagher sgallagh@redhat.com wrote:
We haven't come up with a way that disabling remote root login isn't a huge burden on bootstrapping a new deployment.
I think there's one, and it's really quite simple and elegant I think.
First, we remove (or make very non-obvious) the ability to set a root password in the Anaconda GUI, and force the creation of an administrative user. Then to further bootstrap the machine, you MUST login with that user and use sudo. Ansible natively supports this (using 'become') and Cockpit also supports login by such a user.
Of course, users that needed the ability to set a root password for whatever reason could do so via kickstart.
Isn't this just shuffling the chairs on the titanic? Especially in preinstalled systems in a cloud or VPS? There has to be an account that someone needs to get into remotely that needs to become root. If we are worried about bad passwords we are going to have bad passwords in that user and we haven't fixed anything because once they have that user they can sudo and put the bad password they know in for that user. [I believe various ssh bots do this by default so it isn't a leap here.]
server mailing list -- server@lists.fedoraproject.org To unsubscribe send an email to server-leave@lists.fedoraproject.org