Developers Start Debating Whether To Block Password-Based Root SSH Logins For Fedora 31

Written by Michael Larabel in Fedora on 17 May 2019 at 09:15 AM EDT. 32 Comments
FEDORA
While upstream SSH has disabled password logins for the root user as their default configuration the past number of years and that has carried over into being the out-of-the-box behavior for many operating systems, Fedora continues allowing password-based SSH root log-ins by default. But with the next Fedora release they are thinking about changing that default behavior.

This would allow Fedora to have better security out-of-the-box particularly on servers where OpenSSH tends to be running. The configuration can still be toggled with the "PermitRootLogin" directive of the SSHD configuration.

The plan for disabling the password-based SSH root log-ins by default for Fedora 31 was published this week on the Fedora mailing list.

This system-wide change proposal is now being debated on the Fedora devel list. So far no one is outright opposed to this default behavior change, but in doing so they would need to better educate users who up to now may be doing headless server installs and expecting password-based root SSH log-in support following the installation. This change may lead to Fedora installer improvements for ensuring a user is created at install-time that is part of the wheel group or ensuring Cockpit is installed for offering password-based web access to the server for initial configuration or adding the ability to the Fedora Anaconda installer to import a public SSH key for the root user from a URL.

This topic is still being considered and ultimately needs to be voted on by the Fedora Engineering and Steering Committee, but it's looking like for the Fedora 31 release this autumn it's quite likely to forbid the password-based SSH root log-ins by default.
32 Comments
Related News
Fedora Workstation 38 Is Shaping Up To Be Another Fantastic Release
Fedora 38 Beta Released With Many Exciting Updates
Incomplete Fedora 38 Changes Pushed Back, Including Dropping Legacy X.Org Drivers
Fedora Considers Dropping Delta RPMs
Fedora 39 Plots Path For Intel Threaded Building Blocks Upgrade
Fedora Planning Ahead For The Next 5 Years
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OBS Studio Lands AV1 & HEVC RTMP Streaming Support
Valve Officially Announces Counter-Strike 2
Raja Koduri Departing Intel To Start New Software Company
GNOME 44 Released With Many Desktop Enhancements
Linux 6.3-rc3 Released: It's "Fairly Big"
Framework Laptop Launches AMD Ryzen Upgradeable Laptop, Intel Raptor Lake Models Too
Mozilla Announces Mozilla.ai For "Trustworthy AI"
Proxmox VE 7.4 Released With Linux 5.15 LTS + Linux 6.2 Support, New Dark Theme