[CentOS] Fedora change that will probably affect RHEL

Tue Jul 28 21:10:36 UTC 2015
Robert Wolfe <Robert.Wolfe at malco.com>

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Chris Murphy
Sent: Tuesday, July 28, 2015 3:46 PM
To: CentOS mailing list
Subject: Re: [CentOS] Fedora change that will probably affect RHEL


What you said:

"Windows Server has power shell disabled by default. The functional equivalent, sshd, is typically enabled on Linux servers. So I think it's overdue that sshd be disabled on Linux servers by default, especially because the minimum password quality under discussion is still not good enough for forward facing servers on the Internet with static IPv4 addresses. They will get owned eventually if they use even the new minimum pw quality, and that's why I see pw quality as the wrong emphasis - at least for workstations."

And my reply:

For things like SSH and RDP I use two-factor authentication using DUO.  For the machines that I absolutely have to have these kinds of access two (my BBS for RDP and my mail server for SSH), this works well I think at providing an extra layer of security for both protocols and is quite affordable and is easy to administer.

Thank you,

Robert Wolfe, Systems Administrator
Malco Theatres, Inc.
5851 Ridgeway Center Parkway
Memphis, TN 38120
Phone: 1-901-761-3480 EXT 135
Fax: 1-901-681-2058