On 8 Jan 2015, at 13:52, Miloslav Trmač wrote:
The only other approach I could see for the headless
servers would be mandating the enrollment in an identity domain at
installation time (such as to FreeIPA or Active Directory).
And in this scenario we should absolutely disable PermitRootLogin.
So that if you have issues with the connector, you have to reboot the
machine and be physically present to fix anything.
Not really a grand plan IMO.
Earlier in the discussions I was told that this is not really an
issue: in production, about every server with remote access also
has a KVM.
Often not the case in small business or third party hosted
environments. Without remote ssh, box is unmanageable.
Even if you want to do key-based authentication rather than password,
you still need to use password initially to get the key onto the
remote box.
--
Mike Pinkerton
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
