F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Mike Pinkerton
pselists at mindspring.com
Fri Jan 9 20:04:09 UTC 2015
On 8 Jan 2015, at 13:52, Miloslav Trmač wrote:
>>>> The only other approach I could see for the headless
>>>> servers would be mandating the enrollment in an identity domain at
>>>> installation time (such as to FreeIPA or Active Directory).
>>>
>>> And in this scenario we should absolutely disable PermitRootLogin.
>>
>> So that if you have issues with the connector, you have to reboot the
>> machine and be physically present to fix anything.
>>
>> Not really a grand plan IMO.
>
> Earlier in the discussions I was told that this is not really an
> issue: in production, about every server with remote access also
> has a KVM.
Often not the case in small business or third party hosted
environments. Without remote ssh, box is unmanageable.
Even if you want to do key-based authentication rather than password,
you still need to use password initially to get the key onto the
remote box.
--
Mike Pinkerton
More information about the devel
mailing list