This issue tracks the release note for the following Fedora Change:
https://fedoraproject.org/wiki/Changes/DisableRootPasswordLoginInSshd
If you own this change, please add additional information here that we should communicate to Fedora users. Specifically, please consider:
Your notes to us do not need to be formally written. We will edit them and add details as needed. This is a way for you to ensure that we know what is critical about your change.
If you want to write this release note, then:
Once you're done with the above, make sure to either commit the relnote to an appropriate section of the Release Notes book, or, if you're not familiar with Git, AsciiDoc, or whatever else, just add it to this issue as a comment and let pbokoc[1] know that you're done with this one and you'd like the note included. Be sure to do this at least one day before the final release (October 29 according to the current schedule). Also make sure to do this even for relnotes that haven't been checked by the change owner.
[0] You can do that by asking the change owner listed on the wiki page; alternatively you can infer it by checking the tracker bug (linked in Wiki) in Bugzilla and looking at its status; see bug comments for details. Ask someone on the mailing list or on IRC if you're not sure. [1] In #fedora-docs on FreeNode (UTC+1 timezone, online mostly during the day on weekdays), or pbokoc @redhat.com if you can't get a hold of me on IRC.
Metadata Update from @mareksu: - Issue assigned to mareksu
@jjelen, I've prepared a release note to announce that the root password login is disabled in F31. Could you please review it?
== SSH no longer allows root password login The OpenSSH server no longer allows the `root` user to remotely log into Fedora using a password. This change is consistent with the upstream OpenSSH project, which disabled the remote `root` password login in the 7.0 release. Previously, the remote `root` password login was a common target of attacks. The `root` user can still remotely log in using a public SSH key. The `/etc/ssh/sshd_config` configuration file now disables the `PermitRootLogin` option. If you upgrade to Fedora 31 on a system where you have made changes to the configuration file, the upgrade process preserves your configuration and creates the new configuration in `/etc/ssh/sshd_config.rpmnew`. If you use the remote `root` password login in Kickstart or `cloud-init` scripts, Fedora recommends the following alternatives: * Switch to public key authentication. * Create a different administrative user.
Thanks!
Looks good to me. Only one minor thing I would do would be adding a reference how to opt out/override the default from Anaconda, which now provides the new checkbox "Allow root SSH login with password" next to the root password input. Even though it is nothing we would like to recommend, it will be the first question of many users.
Fixed in #405.
Metadata Update from @pbokoc: - Issue status updated to: Closed (was: Open)
Thanks, @jjelen. My commit containing the fix: https://pagure.io/fork/mareksu/fedora-docs/release-notes/c/dd6529177d419b7cf30e0fc6374509bd2a2af853?branch=f31
@pbokoc, could we still add this commit to the F31 release notes?
@mareksu Yep, it's in now. Thanks!
Login to comment on this ticket.