
Re: Removing the number of installation screens (F-14)



Hi,

On 05/11/2010 04:12 PM, Ales Kozumplik wrote:
> On 05/11/2010 04:02 PM, Hans de Goede wrote:
>> Hi,
>>
>> On 05/11/2010 03:53 PM, Ales Kozumplik wrote:
>>> On 05/11/2010 01:43 PM, Hans de Goede wrote:
>>>>
>>>> 2) There is no need to configure the root password during installation,
>>>> move this to firstboot preferably to the user configuration screen.
>>>
>>> That screen is so annoying! It always says my password is weak.
>>>
>>> But wouldn't what you suggest create a security problem? An evil guy
>>> could try to ssh to your machine after sshd is up and before firstboot
>>> sets the root password.
>>
>> If the root password is empty ssh does not allow a root login.
>>
>> Regards,
>>
>> Hans
>
> Isn't it enabled by default:
> man sshd_config
>
> PermitRootLogin
>     Specifies whether root can log in using ssh(1). The argument must be
>     “yes”, “without-password”, “forced-commands-only”, or “no”. The default is
>     “yes”.


Read again, the default is yes, iow the default is to not allow empty. The meaning
of this setting is:
no -> never
yes -> allow if a password is set
without-password -> allow even if the password is empty

So the default is to disallow logins with an empty password. Note we could also
make really sure and write a disabled password (iow a "*" in /etc/shadow). But
that becomes sort of nasty when someone does a textmode install and forgets
to set the root password in firstboot (textmode firstboot does not mandate one
to go through all the steps).

Regards,

Hans
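
The question in this thread, whether an installed system with no root password yet accepts a root login over ssh, depends on both root's field in /etc/shadow and the sshd_config settings, and can be checked mechanically. The following is an added example, not part of the original message and not OpenSSH code: `PasswordAuthentication` and `PermitEmptyPasswords` are real sshd_config options that the thread does not mention, the function names and result labels are hypothetical, and the model ignores PAM, key-based logins and `Match` blocks.

```python
# Added example (constructed), not code from the thread or from OpenSSH.
# Model: global sshd_config options only (stops at the first Match block);
# PAM and key-based logins are out of scope.
DEFAULTS = {  # PermitRootLogin "yes" per the man page excerpt in the thread
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
}
SAMPLE_SHADOW = "root::14740:0:99999:7:::\n"  # constructed: empty root password

def root_shadow_state(shadow_text):
    """Classify root's password field (2nd field) in shadow(5) format."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1:
            pw = fields[1]
            if pw == "":
                return "empty"
            return "locked" if pw[0] in "!*" else "set"
    return "missing"

def sshd_options(config_text):
    """Return global options; sshd uses the first value seen for each keyword."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2:
            opts.setdefault(key, parts[1].strip().strip('"').lower())
    return opts

def root_password_login(shadow_text, config_text):
    """Say whether a password login as root over ssh is possible, and why not."""
    state = root_shadow_state(shadow_text)
    if state in ("missing", "locked"):
        return state
    o = {**DEFAULTS, **sshd_options(config_text)}
    pw_auth = o["permitrootlogin"] == "yes" and o["passwordauthentication"] == "yes"
    if not pw_auth:
        return "blocked-by-sshd"
    if state == "empty":
        return "exposed" if o["permitemptypasswords"] == "yes" else "blocked-by-sshd"
    return "password-required"
```

Calling `root_password_login()` with the contents of a system's /etc/shadow and /etc/ssh/sshd_config returns one of the labels above; `sshd -T` reports the effective configuration when `Match` blocks are in use.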

