Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-03 Thread Ben Cotton
On Mon, May 3, 2021 at 1:12 PM Martin Kolman wrote: > > Good point & we got quite a few reactions for both keeping and removing > the option, so I'll create an official Fedora Change proposal. > Thanks! Feel free to reach out via email or IRC/Matrix if you have any questions. > I guess this can

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-03 Thread Martin Kolman
> On Thu, Apr 29, 2021 at 4:17 PM Martin Kolman I agree with this change, however it's the sort of thing that should > go through Fedora's Changes process: > https://docs.fedoraproject.org/en-US/program_management/changes_policy/ > > This gives it increased visibility within the Fedora

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-03 Thread Neal Gompa
On Mon, May 3, 2021 at 11:14 AM Martin Kolman wrote: > > On Sat, 2021-05-01 at 23:23 +, patra...@gmail.com wrote: > > > On 4/30/21 10:23 AM, Richard W.M. Jones wrote: > > > > > > +1 > > > > > > in addition to, e.g., an _initial_ setup on a remote/headless box at > > > a VPS. > > > > Ubuntu

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-03 Thread Martin Kolman
On Sat, 2021-05-01 at 14:14 +, Wolfgang Ulbrich wrote: > Yes, why not adding an option to anaconda to create a personal ssh > key? > Same like amazon cloud does. > Eg. when you create a el8 server in AWS, AWS gives you an option to > create a ssh key before you finish the setup of this

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-03 Thread Martin Kolman
On Fri, 2021-04-30 at 15:33 -0400, DJ Delorie wrote: > > I normally would complain about taking options away from users, but > as I > typically use ssh for root *anyway*, I felt this wasn't appropriate > (although I have a friend who never uses ssh keys, always > password-over-ssh). > > I would,

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-03 Thread Martin Kolman
On Sat, 2021-05-01 at 08:32 +0200, Peter Boy wrote:
>
> > On 29.04.2021 at 22:09, Martin Kolman wrote:
> >
> > Hi!
> > At the moment the Anaconda installer used by Fedora contains an
> > option
> > called "Allow SSH root login with password" on the root password
> > configuration screen.
>

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-03 Thread Martin Kolman
On Sat, 2021-05-01 at 23:23 +, patra...@gmail.com wrote: > > On 4/30/21 10:23 AM, Richard W.M. Jones wrote: > > > > +1 > > > > in addition to, e.g., an _initial_ setup on a remote/headless box at > > a VPS. > > Ubuntu Server installer handles this in a very nice way by allowing to > import

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread Chris Adams
Once upon a time, Nico Kadel-Garcia said:
> Local root passwords can be set to expire. SSH keys are not nearly so
> easy to enforce expiration for, so there are some use cases. I've
> used it for VM's at home, because I may not have my private SSH keys
> on the other VM.

I think you can set

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread Nico Kadel-Garcia
On Thu, Apr 29, 2021 at 4:11 PM Martin Kolman wrote:
>
> Hi!
> At the moment the Anaconda installer used by Fedora contains an option
> called "Allow SSH root login with password" on the root password
> configuration screen.
>
> This is how it looks like at the moment, on latest Fedora Rawhide
>

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread PGNet Dev
On 5/1/21 8:02 PM, Chris Adams wrote:
> Once upon a time, PGNet Dev said:
> > my $0.02
> >
> > leave the root via password option, but simply DISABLE it by default, rather than REMOVING it.
>
> That's what is going to happen - the openssh-server package will follow upstream default (PermitRootLogin

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread Chris Adams
Once upon a time, PGNet Dev said:
> my $0.02
>
> leave the root via password option, but simply DISABLE it by default, rather
> than REMOVING it.

That's what is going to happen - the openssh-server package will follow upstream default (PermitRootLogin without-password), and Anaconda will drop

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread PGNet Dev
On 5/1/21 7:23 PM, patra...@gmail.com wrote: On 4/30/21 10:23 AM, Richard W.M. Jones wrote: +1 in addition to, e.g., an _initial_ setup on a remote/headless box at a VPS. Ubuntu Server installer handles this in a very nice way by allowing to import SSH keys from a GitHub account given a

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread Chris Adams
Once upon a time, patra...@gmail.com said:
> Ubuntu Server installer handles this in a very nice way by allowing to import
> SSH keys from a GitHub account given a username, i.e. via an URL like this:
> https://github.com/patrakov.keys . Maybe it's a good idea to implement the
> same feature

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread patrakov
> On 4/30/21 10:23 AM, Richard W.M. Jones wrote: > > +1 > > in addition to, e.g., an _initial_ setup on a remote/headless box at a VPS. Ubuntu Server installer handles this in a very nice way by allowing to import SSH keys from a GitHub account given a username, i.e. via an URL like this:

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread Wolfgang Ulbrich
Yes, why not adding an option to anaconda to create a personal ssh key? Same like amazon cloud does. Eg. when you create a el8 server in AWS, AWS gives you an option to create a ssh key before you finish the setup of this machine. With that key you can later login to the root account of your AWS

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread Ralf Corsepius
On 4/30/21 3:21 PM, Richard W.M. Jones wrote:
> On Thu, Apr 29, 2021 at 10:09:12PM +0200, Martin Kolman wrote:
> > Now fast forward to today, it's 2021, any use cases that needed password based root login via SSH had 2 more years to migrate while the amount of password guessing attacks certainly

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-05-01 Thread Peter Boy
> On 29.04.2021 at 22:09, Martin Kolman wrote:
>
> Hi!
> At the moment the Anaconda installer used by Fedora contains an option
> called "Allow SSH root login with password" on the root password
> configuration screen.
> ...
> Note that the checkbox is not ticked by default, the user needs to

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread DJ Delorie
I normally would complain about taking options away from users, but as I typically use ssh for root *anyway*, I felt this wasn't appropriate (although I have a friend who never uses ssh keys, always password-over-ssh). I would, however, ask that the config file have a commented out option that

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Simo Sorce
On Fri, 2021-04-30 at 20:42 +0200, Martin Kolman wrote: > On Fri, 2021-04-30 at 15:23 +0100, Richard W.M. Jones wrote: > > On Fri, Apr 30, 2021 at 03:37:54PM +0200, Vitaly Zaitsev via devel > > wrote: > > > On 30.04.2021 15:21, Richard W.M. Jones wrote: > > > > Not everything is exposed to the

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Martin Kolman
On Fri, 2021-04-30 at 15:23 +0100, Richard W.M. Jones wrote: > On Fri, Apr 30, 2021 at 03:37:54PM +0200, Vitaly Zaitsev via devel > wrote: > > On 30.04.2021 15:21, Richard W.M. Jones wrote: > > > Not everything is exposed to the internet.  Please leave the > > > option, > > > disabled by default

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Gary Buhrmaster
On Fri, Apr 30, 2021 at 5:18 PM Vitaly Zaitsev via devel wrote:
>
> On 30.04.2021 16:23, Richard W.M. Jones wrote:
> > Because distributing SSH keys to temporary VMs is hard?
>
> Kickstart + Ansible will fix all these issues.

Or, perhaps, cloud-init, for those using that approach.

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Vitaly Zaitsev via devel
On 30.04.2021 16:23, Richard W.M. Jones wrote:
> Because distributing SSH keys to temporary VMs is hard?

Kickstart + Ansible will fix all these issues.

-- 
Sincerely, Vitaly Zaitsev (vit...@easycoding.org)

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Sérgio Basto
On Thu, 2021-04-29 at 22:09 +0200, Martin Kolman wrote:
> Hi!
> At the moment the Anaconda installer used by Fedora contains an option
> called "Allow SSH root login with password" on the root password
> configuration screen.
>
> This is how it looks like at the moment, on latest Fedora Rawhide
>

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread PGNet Dev
On 4/30/21 10:23 AM, Richard W.M. Jones wrote:
> Because distributing SSH keys to temporary VMs is hard? Not everything is a long-lived machine connected to the internet.

+1

in addition to, e.g., an _initial_ setup on a remote/headless box at a VPS.

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Richard W.M. Jones
On Fri, Apr 30, 2021 at 03:37:54PM +0200, Vitaly Zaitsev via devel wrote:
> On 30.04.2021 15:21, Richard W.M. Jones wrote:
> >Not everything is exposed to the internet. Please leave the option,
> >disabled by default and with a suitable warning if you like.
>
> Why are you still using passwords

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Frédéric Pierret
Hi!

On 4/29/21 at 10:09 PM, Martin Kolman wrote:
> For that reason we in the Anaconda development team feel like it's a good time to finally drop the "Allow SSH root login with password" from the Anaconda GUI.

Yes! I've thought to it in the past when I've submitted originally the "Lock root

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Vitaly Zaitsev via devel
On 30.04.2021 15:21, Richard W.M. Jones wrote:
> Not everything is exposed to the internet. Please leave the option, disabled by default and with a suitable warning if you like.

Why are you still using passwords in 2021? SSH keys are much more secure and easier to use.

-- 
Sincerely, Vitaly

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Vitaly Zaitsev via devel
On 29.04.2021 22:09, Martin Kolman wrote:
> At the moment the Anaconda installer used by Fedora contains an option called "Allow SSH root login with password" on the root password configuration screen.

+1 for this change. Remote login as root with password is very insecure and should be

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Richard W.M. Jones
On Thu, Apr 29, 2021 at 10:09:12PM +0200, Martin Kolman wrote:
> Now fast forward to today, it's 2021, any use cases that needed
> password based root login via SSH had 2 more years to migrate while the
> amount of password guessing attacks certainly didn't get any lower.

Not everything is

Re: Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-30 Thread Ben Cotton
On Thu, Apr 29, 2021 at 4:17 PM Martin Kolman wrote:
>
> For that reason we in the Anaconda development team feel like it's a
> good time to finally drop the "Allow SSH root login with password" from
> the Anaconda GUI.
>
> If you are aware of some critical Fedora/Fedora spin usecase that
>

Intention to dropping the the "Allow SSH root login with password" option from the installer GUI

2021-04-29 Thread Martin Kolman
Hi! At the moment the Anaconda installer used by Fedora contains an option called "Allow SSH root login with password" on the root password configuration screen. This is how it looks like at the moment, on latest Fedora Rawhide installer image: