Security Fix


Security theater.

If it can be good enough for physical console/terminal-oriented distributions, that does not mean it will be good for all forever.

Maximum that can be acceptable — create a user on first logon (can be skipped!) and propose to lock SSH root login after the first successful user logon.

All more "secured" scenarios will produce unusable, inaccessible devices.

On 10/22/2020 at 8:25 PM, iav said:

Security theater.

If it can be good enough for physical console/terminal-oriented distributions, that does not mean it will be good for all forever.

Maximum that can be acceptable — create a user on first logon (can be skipped!) and propose to lock SSH root login after the first successful user logon.

All more "secured" scenarios will produce unusable, inaccessible devices.

On my headless machines I usually skip user creation and enable SSH pubkey login only after transferring my key (https://wiki.archlinux.org/index.php/SSH_keys).

IMHO the reason for not allowing root login (whether SSH or getty) is both to prevent wreaking havoc on the system by accident and not running processes elevated by default (which is a good security measure -- privileged account management). I'm just too lazy to type sudo as I do only configuration/package/service management on the machines.

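An added example, not part of either post and not the project's code: a pre-flight check for the lockout risk discussed in this thread, reporting whether an account's `authorized_keys` holds a key before password login is switched off. It assumes a single `sshd_config` with whitespace-separated `Keyword value` lines and stock OpenSSH defaults; the function names, file names and key blob are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes one sshd_config with "Keyword value" lines; Include
# files and Match blocks are not evaluated. All names here are illustrative.

# effective_opt FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
effective_opt() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# count_keys FILE: non-comment lines that carry a public key (0 if unreadable).
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -v '^[[:space:]]*#' "$1" | grep -Ec \
'(^|[[:space:]])(ssh-(ed25519|rsa)|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9-]+@openssh\.com)[[:space:]]+AAAA[A-Za-z0-9+/]+' || true
}

# verdict SSHD_CONFIG AUTHORIZED_KEYS
# prints: lockout | transfer-key-first | ready-to-harden | key-only
verdict() {
    keys=$(count_keys "$2")
    pw=$(effective_opt "$1" PasswordAuthentication yes)            # OpenSSH default
    root=$(effective_opt "$1" PermitRootLogin prohibit-password)   # OpenSSH default
    if [ "$keys" -eq 0 ]; then
        if [ "$pw" = no ]; then echo lockout; else echo transfer-key-first; fi
    elif [ "$pw" = yes ] || [ "$root" = yes ]; then
        echo ready-to-harden     # a key is in place, passwords can be turned off
    else
        echo key-only
    fi
}

# Constructed sample data; the key blob is a placeholder, not a real key.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$demo/sshd_config"
printf 'PasswordAuthentication no\n' > "$demo/hardened"
: > "$demo/no_keys"
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderBlobNotARealKey me@laptop' > "$demo/keys"

verdict "$demo/sshd_config" "$demo/no_keys"   # transfer-key-first
verdict "$demo/sshd_config" "$demo/keys"      # ready-to-harden (later "no" is ignored)
verdict "$demo/hardened"    "$demo/no_keys"   # lockout
verdict "$demo/hardened"    "$demo/keys"      # key-only
```

The check covers one account's key file only; on a real host, `sshd -T` prints the effective configuration including Include files.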