On Tue, 2015-07-28 at 14:46 -0600, Chris Murphy wrote: > Windows Server has power shell disabled by default. The functional > equivalent, sshd, is typically enabled on Linux servers. So I think > it's overdue that sshd be disabled on Linux servers by default, > especially because the minimum password quality under discussion is > still not good enough for forward facing servers on the Internet with > static IPv4 addresses. They will get owned eventually if they use even > the new minimum pw quality, and that's why I see pw quality as the > wrong emphasis - at least for workstations. Oh no they will not if incoming sshd is restricted to a very few IP addresses. A properly configured firewall always helps; selinux too. Closing down or moving ports also helps. -- Regards, Paul. England, EU. England's place is in the European Union.