Shut down password ssh access for root #159
Conversation
Currently it seems that the only protection against ssh root logins is that no password is set. If a user unintentionally sets a root password, assuming that you can't login as root, they inadvertently open themselves up to a dictionary attack.
|
Jeez, this has been laying around for a while. I like this idea, but I am a bit worried about the upgrade path (this will break people who depend on password auth or root SSH access). Maybe we can lump this in with our SSH-socket-activation change. /cc @vcaputo |
|
There was a related bug somewhere about this, but the gist is some OEMs (cough_rackspace_cough) assume that the password you set through their provisioning setup is for root. Also unless the user (or the OEM as the previous case) sets a password for root there isn't going to be password login access anyway so most systems have effectively the same restriction, just a different code path. |
|
If that is the case I could just roll this into the Packet OEM, instead of here. I don think the default behavior is not intuitive. The 'core' user has sudo for a reason, and even though our other OSes have root, we actively don't configure it for CoreOS. |
|
It sounds like making this oem-specific may make most sense, considering @marineam's comments. |
Currently it seems that the only protection against ssh root logins is that no password is set. If a user unintentionally sets a root password, assuming that you can't login as root, they inadvertently open themselves up to a dictionary attack.
This can be overridden by a competent user, but if the intent is no root logins, it should be set explicitly, not just by dint of not having a password.