The GRUB EFI build in Fedora 31 contains the
verify GRUB modules. For more details see the
crypto-policies package has been enhanced and allows users to modify
the existing system-wide crypto policy levels by removing or adding enabled
algorithms and protocols.
For example, it is now possible to easily modify the existing
policy to disable the
SHA1 support or enable support for a national crypto
algorithm that is supported by the crypto libraries but is disabled in the
To achieve the above-mentioned outcome, add a simple configuration file and
The OpenSSH server no longer allows the
root user to remotely log into
Fedora using a password. This change is consistent with the upstream OpenSSH
project, which disabled the remote
root password login in the 7.0
release. Previously, the remote
root password login was a common target of
root user can still remotely log in using a public SSH key.
/etc/ssh/sshd_config configuration file now disables the
PermitRootLogin option. If you upgrade to Fedora 31 on a system where you
have made changes to the configuration file, the upgrade process preserves
your configuration and creates the new configuration in
If you use the remote
root password login in Kickstart or
scripts, Fedora recommends the following alternatives:
Switch to public key authentication.
Create a different administrative user.
You can re-enable
root password login:
In the Fedora installer (Anaconda), enable the Allow root SSH login with password option when setting a password for
On an already installed system, set the
krb5) removes support for several known-bad encryption
types. Hopefully users will see no changes, but to be sure you won’t, we
started logging deprecation warnings in
krb5-1.17-3.fc30. For more
information on upgrading from deprecated encryption types, see
DES deprecation guide.