First of all, I agree with you that PermitRootLogin without-password is
preferable.
The discussion I am interested in is whether direct password root login
should remain enabled.
On 01/12/2015 10:02 AM, Paul Wouters wrote:
On Mon, 12 Jan 2015, Przemek Klosowski wrote:
- improves accountability for administrative actions (we know which
admin messed up :)
Nonsense. for non-malicious logins, sudo leaves as much as a trail as
sshd which tells you which credentials were used to login.
With root logins, all you have on the client machine is the IP the
connection originated from. If people have to get in on their own
accounts, those accounts leave audit trails, on multiple systems.
More importantly, there is one root for all users---if one user needs to
be blocked (e.g. sysadmin quits), the only solution is to change the
root password everywhere. Individual accounts can be controlled
independently, especially in setups with centralized account management
like Kerberos/IPA.
- allows more granularity in granting elevated privileges across a
set of machines and admins
Nothing in the current setup is preventing you from allowing non-root
remote access. Blocking direct root access does not "allow more
granularity".
You already have all the granularity if you want to use it.
But if the single-password root is enabled, why would anyone use those
granular methods?
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
