On Sat, 2015-01-31 at 21:21 -0500, Richard Ryniker wrote: > Recapitiulation: > > A security problem was recognized because the ssh daemon is enabled > by default on Fedora systems: with a weak root password, a remote > attacker might easily obtain unlimited access.
This is not quite correct; it should say 'some Fedora systems'. > The direct solution would seem to be a change to the ssh daemon to > prohibit root login in its default configuration, but allow post- > installation change to sshd to permit this where it is desirable. The reason we didn't do this - which was the initial Change proposal - is that we don't have a solid mechanism for deploying any *other* ssh authentication mechanism (i.e. a gpg key) at install time. The 'ssh up with password login enabled' configuration exists because _people use it_ - they deploy systems in remote locations which they then need to log in to, and 'ssh to it with a password' is really the only way we offer to do this OOTB (unless you have AD/FreeIPA management set up). > Ultimately, this indirect solution is weak. Users are likely to > supply an acceptable root password during installation, then change > it to what they desire after installation. Well, that's a possibility, but I don't think I've seen any evidence of it (as cmurf has pointed out we also have no data about the prevalence of weak passwords or attacks on default-configured Fedora systems, though). -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
