[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: About sshd(8) remote root login feature & Anaconda UI support








From: Adam Williamson <adamwill fedoraproject org>
To: P J P <pjp fedoraproject org>; Discussion of Development and Customization of the Red Hat Linux Installer <anaconda-devel-list redhat com>
Sent: Saturday, January 17, 2015 12:27 AM
Subject: Re: About sshd(8) remote root login feature & Anaconda UI support

On Sat, 2015-01-17 at 03:40 +0000, P J P wrote:
>    Hello,
>
> > On Friday, 16 January 2015 1:42 PM, David Shea wrote:
> > How would the key be delivered in this case? The kickstart command
> > just takes the key as a string, and obviously expecting the user
> > to type in a
> > ssh key isn't going to work. Read from storage? Download from a
> > URL?
>
>
>  Right, true; Reading from storage also sounds iffy, URL support
> could be good. To be honest, this is still an advance feature we can
> have in subsequent releases.
>
> For now, first we need a provision so that users are not locked out
> of their freshly installed systems. Ie. enable remote root
> access('PermitRootLogin=Yes') if no non-root account is created OR
> let user make the choice.
>
> Yesterday I installed F21 on my machine. In that, while creating a
> non-root account, Anaconda shows a CheckBox with caption about
> '..use password authentication...', maybe similar one could be added
> to the window for setting 'root' password. Only in that we prompt
> user if they wish to 'enable' remote root access via ssh(8). This
> CheckBox must be disabled by default.
>
> Does that sound okay?

It's not really the same thing. The user account check box says
"Require a password to use this account". If you uncheck it, the
account is usable without one, basically a guest account. Notably,
anaconda doesn't need to know anything more than how to set up an
account, in that case.

Your checkbox gets anaconda into the business of knowing how to edit
the sshd configuration file, which seems like the kind of sprawl that
all else being equal it can live without. We don't live in a perfect
world and sometimes anaconda needs to be able to do stuff like that
(it can kick off realmd commands and configure the firewall and things
too), but it *is* more complicated than just a box which decides
whether it sets a password on an account at all.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net




I use the Canadian French Keyboard. From bitter experience, I learned never to use Eurosign€,¥, other non a-z characters for root password. If the keyboard fails to be properly setup, its repair flash drive and lost time. I choose something simple like abcd123$ and definitely replace that root password on the first reboot.

Please do not change this part of anaconda.
   
(off topic)
If you do want something good for Fedora22. Choose a root desktop background that significantly different from the non root user default background.  
  
Why?  
There are times that I log into Gnome as root to perform some file maintenance. Nautilus is great for file maintenance (cut and paste, drag and drop, etc). The different desktop background that I always reset is used to remind me to not access the web browser while logged as root, and as well, to logoff immediately after completing the tasks. So far, never had an accidental rm -rf * or mv * command line error.   

 
Regards

 Leslie
Mr. Leslie Satenstein
Montréal Québec, Canada


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]