F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Simo Sorce
simo at redhat.com
Thu Jan 8 18:29:20 UTC 2015
On Thu, 08 Jan 2015 11:10:36 -0500
Adam Jackson <ajax at redhat.com> wrote:
> > The only other approach I could see for the headless
> > servers would be mandating the enrollment in an identity domain at
> > installation time (such as to FreeIPA or Active Directory).
>
> And in this scenario we should absolutely disable PermitRootLogin.
So that if you have issues with the connector, you have to reboot the
machine and be physically present to fix anything.
Not really a grand plan IMO.
I may be ok with allowing only passwoedless by default, though I still
think this feature should be conditional to whether there are other
local accounts or not.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the devel
mailing list