
Re: About sshd(8) remote root login feature & Anaconda UI support


On Thu, 15 Jan 2015 12:08:35 -0800
"Brian C. Lane" <bcl redhat com> wrote:

> On Thu, Jan 15, 2015 at 05:27:13PM +0000, P J P wrote:
> >    Hello David,
> > 
> > > On Thursday, 15 January 2015 8:57 PM, David Shea wrote:
> > > No. UI changes are not something that should be done casually,
> > > and UI changes that require a paragraph of text to explain are
> > > going to be either not read or not understood by the majority of
> > > users.
> > 
> >   Agreed. It was only meant to convey an idea. Actual UI design and
> > text could be different.
> > 
> > > The first question I have: do we really need to do anything at
> > > all? Do we expect any use cases where someone does an interactive
> > > install and will not have console access when they are done?
> That's certainly possible if they're using vnc to set up the system and
> reboot before setting up keys manually. Most providers also offer
> console access to systems these days, but it is certainly possible to
> end with only ssh access to the box.
> >   Right, that seems unlikely, but there might be cases, I'm not
> > sure. Given below are the Server SIG meeting logs, wherein this
> > topic was discussed and the UI changes were suggested.
> > 
> > Please see:
> >   ->
> > http://meetbot.fedoraproject.org/fedora-meeting-1/2015-01-13/fedora-meeting-1.2015-01-13-16.00.log.html
> > 
> > > If so, can we just turn password-based root login on if no admin
> > > user is created during the install?
> > 
> >   Not admin, but non-root user. It'll definitely help to enable
> > password-based root login, if no non-root user is created.
> > 
> > Either solution would serve the purpose. Main intention is that end
> > user should not get locked out of their freshly installed Fedora
> > systems, because of the proposed feature change.
> I don't like the idea of switching options in the background based on
> what combination of users, checkboxes, etc. have been set. That's
> going to end up confusing people or leaving the setup in an
> unexpected state.
> Switching root to key only really doesn't help much. All that does is
> move the attack to the user account (assuming they are in wheel).
> Disabling password login for all accounts is what would make it
> secure.
> But the problem with that is that there is no good way to get the
> authorized key onto the system if they do need to log in via ssh. You
> can now do this in kickstart using the new sshkey command.

This is good to know. 

> A possible alternative is:
> 1. Stronger root password. We really should switch from a minimum
> length of 6 to 8 anyway.

> 2. Don't allow weak root passwords at all. Remove the double done
> click to bypass it. This will annoy me while installing vms
> repeatedly, but it is an improvement while still allowing remote
> access.

While I will be annoyed on test machines, I would accept this.

> 3. And maybe drop root login completely and move to user+strong
> pw+wheel

Many people, myself included, never use local accounts and join a
machine to an IPA domain or some other sort of remote service. Having
security through obscurity is really not an effective way to implement,
and it will annoy users. I think we should just make root more secure.

> This would increase security, a bit, and still let users connect to a
> fresh system without console access.
