-----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Chris Murphy Sent: Tuesday, July 28, 2015 3:46 PM To: CentOS mailing list Subject: Re: [CentOS] Fedora change that will probably affect RHEL [...] What you said: "Windows Server has power shell disabled by default. The functional equivalent, sshd, is typically enabled on Linux servers. So I think it's overdue that sshd be disabled on Linux servers by default, especially because the minimum password quality under discussion is still not good enough for forward facing servers on the Internet with static IPv4 addresses. They will get owned eventually if they use even the new minimum pw quality, and that's why I see pw quality as the wrong emphasis - at least for workstations." And my reply: For things like SSH and RDP I use two-factor authentication using DUO. For the machines that I absolutely have to have these kinds of access two (my BBS for RDP and my mail server for SSH), this works well I think at providing an extra layer of security for both protocols and is quite affordable and is easy to administer. Thank you, Robert Wolfe, Systems Administrator Malco Theatres, Inc. 5851 Ridgeway Center Parkway Memphis, TN 38120 Phone: 1-901-761-3480 EXT 135 Fax: 1-901-681-2058