On Mon, Oct 03, 2016 at 09:03:05AM -0600, Chris Murphy wrote:
An alternative might be disabling sshd out of the box. It could be
turned on via cockpit, and require no additional configuration to ssh
login. That perhaps is a compromise between better out of the box
security and usability.
Having to manually log in to a web interface before you can use your
server is a waste of time and an absolut non-solution.
Doesn't Cockpit allow password-based login just as well? Why do you
consider it any more resistant to attack than OpenSSH sshd?
Of course, public-key-based auth would be the superior approach. But
short of installing from a custom kickstart, you need a way to get your
keys to the machine in the first place. Disabling sshd without solving
the actual problem first is only going to annoy users.
If the officially supported install method for Server created customized
images with integrated SSH keys, that would be the point where no one
would mind the disabling of password logins.