[CentOS] Fedora change that will probably affect RHEL

Wed Jul 29 19:29:54 UTC 2015
Warren Young <wyml at etr-usa.com>

On Jul 28, 2015, at 8:37 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:
> On 07/28/2015 04:29 PM, Warren Young wrote:
>> They turned off "PermitRootLogin yes" and "Protocol 1" in EL6 or EL7, the previous low-hanging fruit.  Do you think those were bad decisions, too?
> As far as I know, PermitRootLogin has not been set to "no" by default. 

My mistake.  I grepped sshd_config on a fresh EL7 machine here and saw

  #PermitRootLogin yes

and assumed it meant “no”.  It’s just documenting the default.

I explicitly set it to “no” on systems I am solely in control of, and I’d prefer that upstream changed that default in the precursor(s) to CentOS 8, too.  EL7 ships ready to use sudo out-of-the-box, if you tick the “administrative user” checkbox on the non-root user during install.  That removes the last good reason to allow remote root logins by default.