>>>> The only other approach I could see for the headless
>>>> servers would be mandating the enrollment in an identity domain at
>>>> installation time (such as to FreeIPA or Active Directory).
>>>
>>>
>>> And in this scenario we should absolutely disable PermitRootLogin.
>>
>>
>> So that if you have issues with the connector, you have to reboot the
>> machine and be physically present to fix anything.
>>
>> Not really a grand plan IMO.
>
>
> Earlier in the discussions I was told that this is not really an issue: in
> production, about every server with remote access also has a KVM.
Often not the case in small business or third party hosted environments.
Without remote ssh, box is unmanageable.
Even if you want to do key-based authentication rather than password, you
still need to use password initially to get the key onto the remote box.
If you use cloud-init you can specify an initial public key that it
inserts against, or even auto enrol it in a central auth system like
IPA and hence not ever need a password.
Peter