Re: [CentOS] Fedora change that will probably affect RHEL

On Tue, 2015-07-28 at 14:46 -0600, Chris Murphy wrote:

Windows Server has power shell disabled by default. The functional equivalent, sshd, is typically enabled on Linux servers. So I think it's overdue that sshd be disabled on Linux servers by default, especially because the minimum password quality under discussion is still not good enough for forward facing servers on the Internet with static IPv4 addresses. They will get owned eventually if they use even the new minimum pw quality, and that's why I see pw quality as the wrong emphasis - at least for workstations.

Oh no they will not if incoming sshd is restricted to a very few IP addresses. A properly configured firewall always helps; selinux too. Closing down or moving ports also helps.