[CentOS] Fedora change that will probably affect RHEL

Fri Jul 31 01:03:29 UTC 2015
Always Learning <centos at u64.u22.net>

On Tue, 2015-07-28 at 14:46 -0600, Chris Murphy wrote:

> Windows Server has power shell disabled by default. The functional
> equivalent, sshd, is typically enabled on Linux servers. So I think
> it's overdue that sshd be disabled on Linux servers by default,
> especially because the minimum password quality under discussion is
> still not good enough for forward facing servers on the Internet with
> static IPv4 addresses. They will get owned eventually if they use even
> the new minimum pw quality, and that's why I see pw quality as the
> wrong emphasis - at least for workstations.

Oh no they will not if incoming sshd is restricted to a very few IP
addresses. A properly configured firewall always helps; selinux too.
Closing down or moving ports also helps.


England, EU.      England's place is in the European Union.