Les Mikesell wrote:
On Tue, 2006-08-08 at 14:45 -0400, Robert Locke wrote:
[snip]
In order for a remote system to be in a state that remote access is even
possible, there must be an OS already running. In order to install the
first OS, physical access to the box must be required. It has to be
physically connected etc. At the very least the power has to be turned
on.. it might then proceed to do a network install...
At that first install time is when a second user id should be created....
Non-root users are creating doing firstboot, not during the install. If
you aren't there to go through the firstboot process, you can't create any
users other than via root.
I don't recall off the top of my head what kickstart lets you do with
respect to user creation. It is conceivable that using kickstart to do a
PXE install will leave a headless machine with no way to access it except
via a root ssh session.
Well, kickstart and/or the interactive install could tie you in to
various network directories like NIS or something LDAP based to give you
non-root users...
But, of course, kickstart could add a user in a myriad of ways to the
local passwd/shadow/group files during the %post section like:
useradd -p encryptedpassword username
I'm not quite sure I see the point of this unless it is a
checkbox item in someones theoretical 'best practices' list.
How much of an install can you do as someone other than root?
It was exactly all this discussion I didn't want to get into...
apparently it's already been decided that root log in via ssh is allowed
by default.... fine, I can live with that.
What I WOULD like is an option in sshd_config then to tell me that's
allowed.... (like other info I get in Logwatch about ssh) then I can do
one of three things:
1 - turn off the option that warns me
2 - turn off root access via ssh
3 - see the warning every day. :-)
Bugzilla/RFE....
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201794 :-)
Let's see...
