
Re: About sshd(8) remote root login feature & Anaconda UI support

On Thu, Jan 15, 2015 at 05:27:13PM +0000, P J P wrote:
>    Hello David,
> > On Thursday, 15 January 2015 8:57 PM, David Shea wrote:
> > No. UI changes are not something that should be done casually, and UI 
> > changes that require a paragraph of text to explain are going to be 
> > either not read or not understood by the majority of users.
>   Agreed. It was only meant to convey an idea. Actual UI design and text
> could be different.
> > The first question I have: do we really need to do anything at all? Do 
> > we expect any use cases where someone does an interactive install and 
> > will not have console access when they are done?

That's certainly possible if they're using vnc to set up the system and
reboot before setting up keys manually. Most providers also offer
console access to systems these days, but it is certainly possible to
end with only ssh access to the box.

>   Right, that seems unlikely, but there might be cases, I'm not sure. Given
> below are the Server SIG meeting logs, wherein this topic was discussed
> and the UI changes were suggested.
> Please see:
>   -> http://meetbot.fedoraproject.org/fedora-meeting-1/2015-01-13/fedora-meeting-1.2015-01-13-16.00.log.html
> > If so, can we just turn password-based root login on if no admin user
> > is created during the install?
>   Not admin, but non-root user. It'll definitely help to enable password-based
> root login, if no non-root user is created.
> Either solution would serve the purpose. Main intention is that end user
> should not get locked out of their freshly installed Fedora systems,
> because of the proposed feature change.

I don't like the idea of switching options in the background based on
what combination of users, checkboxes, etc. have been set. That's going
to end up confusing people or leaving the setup in an unexpected state.

Switching root to key only really doesn't help much. All that does is
move the attack to the user account (assuming they are in wheel).
Disabling password login for all accounts is what would make it secure.

But the problem with that is that there is no good way to get the
authorized key onto the system if they do need to log in via ssh. You can
now do this in kickstart using the new sshkey command.

A possible alternative is:

1. Stronger root password. We really should switch from a minimum length
of 6 to 8 anyway.

2. Don't allow weak root passwords at all. Remove the double done click
to bypass it. This will annoy me while installing vms repeatedly, but it
is an improvement while still allowing remote access.

3. And maybe drop root login completely and move to user+strong pw+wheel

This would increase security, a bit, and still let users connect to a
fresh system without console access.

Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
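
A kickstart fragment for the setup the message above describes (key installed with the sshkey command, password login disabled for all accounts), added here as an illustration and not taken from the message or from Anaconda itself. The user name, password hash, public key and drop-in file name are placeholders, and the %post step assumes a Fedora release whose sshd_config includes /etc/ssh/sshd_config.d/*.conf.

```kickstart
# Constructed example: every name and value below is a placeholder.

# Lock the root account, so there is no root password to guess over ssh.
rootpw --lock

# Non-root administrator in wheel. The password is only used for sudo and
# console login once the sshd settings below are in place.
user --name=admin --groups=wheel --iscrypted --password=<CRYPTED-HASH-PLACEHOLDER>

# Install the public key into that user's authorized_keys at install time,
# so the first ssh login works without console access.
sshkey --username=admin "ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> admin@workstation"

%post
# Disable password login for every account, not just root. Switching only
# root to key-only would leave the wheel user reachable by password.
cat > /etc/ssh/sshd_config.d/00-keys-only.conf <<'EOF'
PasswordAuthentication no
PermitRootLogin no
EOF
chmod 600 /etc/ssh/sshd_config.d/00-keys-only.conf
%end
```

After the first boot, `sshd -T | grep -Ei 'passwordauthentication|permitrootlogin'` run as root shows the effective values sshd is using.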
