F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Stephen Gallagher
sgallagh at redhat.com
Thu Jan 8 19:38:43 UTC 2015
On Thu, 2015-01-08 at 13:52 -0500, Miloslav Trmač wrote:
> > > > The only other approach I could see for the headless > > >
> servers would be mandating the enrollment in an identity domain at > >
> > installation time (such as to FreeIPA or Active Directory). > > > >
> And in this scenario we should absolutely disable PermitRootLogin. > >
> So that if you have issues with the connector, you have to reboot the >
> machine and be physically present to fix anything. > > Not really a
> grand plan IMO.
>
> Earlier in the discussions I was told that this is not really an issue:
> in production, about every server with remote access also has a KVM.
> Mirek
I don't think that's necessarily true. I've seen plenty of sites where
they have a literal, physical "crash cart" they have to wheel out to
plug in when remote access is broken.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150108/ae626033/attachment.sig>
More information about the devel
mailing list