A Topic that needs to be discussed on next the QA meeting..
Tomas Mraz
tmraz at redhat.com
Tue Mar 18 08:11:08 UTC 2008
On Mon, 2008-03-17 at 19:53 -0700, Andrew Farris wrote:
> Had you even considered asking denyhosts to be a part of the base install and
> configured to start blocking hosts after 10 account failures, or when attempts
> at service account logins are made? Problem solved.. ssh still open.
Perhaps we should add pam_abl to default sshd PAM configuration with
some reasonable defaults on how many auth failures are allowed?
> I would argue that blocking root from ssh logins by default would be smart. I
> would think a livecd install (almost always a desktop user) it should be blocked
> by the firewall by default. But seriously this rant is a bit over the top.
Unfortunately user accounts are set up in firstboot so disabling root
login in ssh by default is not possible.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the fedora-test-list
mailing list