ideas 2
David Rhodus
sdrhodus at gmail.com
Wed Jul 28 11:38:37 PDT 2004
> I've considered changing the PermitRootLogin to 'without-password'
> by default. For the CD boot we could safely set it to 'yes' by
> default, because sshd will not accept an empty password... then a
> person would only need to set a password on the root account and they
> could login via sshd.
>
> -Matt
I would worry about having the 'without-password' turned on by
default, even for the CD because of the possibility of bug getting
into the release building process which could lead to the sshd_config
being copied over to the H/D. I don't think I would be as adverse to
having a small piece of the install program loaded at boot-time and
going into a polling mode which you could remotely attach and perform
a remote install. This would again still need to be limited to the
local subnet but wouldn't directly give out a root prompt. I can still
think of several scenarios were this could be abused, but at least the
person would be limited some-what to the options provided by the
install program.
--
-David
Steven David Rhodus
<sdrhodus at xxxxxxxxx>
More information about the Kernel
mailing list