On Thu, Nov 27, 2014 at 8:06 AM, P J P <pj.pan...@yahoo.co.in> wrote: >> On Thursday, 27 November 2014 4:49 PM, Reindl Harald wrote: >> so why not consider disable sshd at all and make a checkbox >> in Anaconda "ssh support yes/no" because after somebody says "yes" >> it's his clearly decision and he is responsible to secure it with key-only >> auth > > Sure these are options, which need to be evaluated against their pros and > cons. > > For the 'Disable remote root login' option, this evaluation has been more > positive than negative. Cases wherein it is negative, is mostly due to the > tweaking that users would have to incorporate in their workflow, ex. > explicitly enable remote root login after creating a new VM. This is easily > doable because these users are fairly experienced ones. Idea is not to punish > them for it, but to depend on their expertise rather than to expect that > unknown users would/should know how to safe guard their systems. > > Overall this feature adds more value to Fedora, than its perceived short term > cost.
I agree, from a basic security standpoint, that it's the simplest change with the largest return on investment. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct