On Mon, Oct 03, 2016 at 09:03:05AM -0600, Chris Murphy wrote:
> An alternative might be disabling sshd out of the box. It could be turned on via cockpit, and require no additional configuration to ssh login. That perhaps is a compromise between better out of the box security and usability.
Having to manually log in to a web interface before you can use your server is a waste of time and an absolute non-solution.
Doesn't Cockpit allow password-based login just as well? Why do you consider it any more resistant to attack than OpenSSH sshd?
Of course, public-key-based auth would be the superior approach. But short of installing from a custom kickstart, you need a way to get your keys to the machine in the first place. Disabling sshd without solving the actual problem first is only going to annoy users.
If the officially supported install method for Server created customized images with integrated SSH keys, that would be the point where no one would mind the disabling of password logins.