Developers Start Debating Whether To Block Password-Based Root SSH Logins For Fedora 31

Written by Michael Larabel in Fedora on 17 May 2019 at 09:15 AM EDT. 32 Comments
FEDORA
While upstream SSH has disabled password logins for the root user as their default configuration the past number of years and that has carried over into being the out-of-the-box behavior for many operating systems, Fedora continues allowing password-based SSH root log-ins by default. But with the next Fedora release they are thinking about changing that default behavior.

This would allow Fedora to have better security out-of-the-box particularly on servers where OpenSSH tends to be running. The configuration can still be toggled with the "PermitRootLogin" directive of the SSHD configuration.

The plan for disabling the password-based SSH root log-ins by default for Fedora 31 was published this week on the Fedora mailing list.

This system-wide change proposal is now being debated on the Fedora devel list. So far no one is outright opposed to this default behavior change, but in doing so they would need to better educate users who up to now may be doing headless server installs and expecting password-based root SSH log-in support following the installation. This change may lead to Fedora installer improvements for ensuring a user is created at install-time that is part of the wheel group or ensuring Cockpit is installed for offering password-based web access to the server for initial configuration or adding the ability to the Fedora Anaconda installer to import a public SSH key for the root user from a URL.

This topic is still being considered and ultimately needs to be voted on by the Fedora Engineering and Steering Committee, but it's looking like for the Fedora 31 release this autumn it's quite likely to forbid the password-based SSH root log-ins by default.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week