SSH

Posted Jan 19, 2005 2:31 UTC (Wed) by gdt (subscriber, #6284)
Parent article: Fedora Core 4 plans announced

My humble request would be for the SSH server's configuration to be tightened (no root login, restrict logins to a particular group, say "ssh").

The current configuration relies upon users choosing good passwords, and we know that 10% of users can't do that. The anaconda installer doesn't test the strength of the root password, so about 10% of installations by non-professional sysadmins can be expected to fall to intensive SSH scanning.

There should be some sysadmin action before an account's password is made accesable to scanners.

to post comments

SSH

Posted Jan 20, 2005 20:56 UTC (Thu) by brouhaha (subscriber, #1698) [Link]

My humble request would be for the SSH server's configuration to be tightened (no root login

I disagree that this should be a default. I can sort of see why someone might want that, though I never would. But I routinely *depend* on the ability to SSH into a newly installed box as root.

restrict logins to a particular group, say "ssh"

That seems much more useful. If you had that feature, and you really didn't want to allow root login by ssh, you could simply leave root out of the ssh group.

SSH

Posted Feb 12, 2005 22:06 UTC (Sat) by mperkel (guest, #27861) [Link]

I strongly disagree. I always SSH in as root. I have no use for artificial restrictions and the mythology about running as root. I'm and expert and when I want to get real work done I don't want the OS restricting me. In fact - make of the servers I run only have a root user and nothing else.

If you don't know how to run as root you shouldn't get a command line at all.