
Philippe Vogel wrote: ...
7)
Issue:
SSH allows root to login but imo nobody wants to have this.
Hotfix:
Edit /etc/ssh/sshd_config and restart sshd:
PermitRootLogin no ...
Much of the stuff you address I don't use, so whatever. But I'll take exception to this, as your opinion is wrong. I do want root to be able to ssh into all my boxes. It's what allows me to survive because I can automate copying of files for updates or shoving out new programs/scripts. It's what allows me to easily jump from machine to machine as users come to me with problems; or to automate status-type commands on the fly (e.g. got a problem with this file, I wonder if the other machines have this file or a different one, let's do: for m in $machine_list; do echo $m; ssh $m cksum $file; done). It's all about automation.

And all my machines are behind multiple firewalls, NAT'd, and have minimal ports open. I'm in about as secure a place as you can be (assuming you trust your users. :-) Maybe you're in a more hostile place, say as a border router; then yes, you probably don't want root to do that. But to say "nobody wants to have this" is just flat out wrong.

(I'm not trying to flame you, just trying to point out that there may be situations you're not taking into account.) You can argue whether the default should be ON or OFF, but that's totally different.

Kevin
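Added example, not part of either poster's message: a shell check that reports which PermitRootLogin value an sshd_config-style file sets globally, since sshd uses the first value it obtains for a keyword and a later "PermitRootLogin no" can be silently shadowed. The function names and the sample input are constructed for illustration. It assumes a single file and does not follow Include directives or evaluate Match blocks.

```shell
#!/bin/sh
# Added example. Reports the global PermitRootLogin setting of an
# sshd_config-style file. sshd uses the first value it obtains for a keyword,
# keywords are case-insensitive, and "Match" starts a conditional section.

# root_login_setting FILE -> prints the value, or "unset" if not set globally
root_login_setting() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # keyword ends at blank or "="
            key = tolower(n ? substr(line, 1, n - 1) : line)
            val = n ? substr(line, n) : ""
            sub(/^[ \t]*=?[ \t]*/, "", val)     # drop the separator
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)                  # arguments may be quoted
            if (key == "match") exit            # end of the global section
            if (key == "permitrootlogin") { print val; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_summary VALUE -> one-line meaning of the value
root_login_summary() {
    case "$1" in
        yes) echo "root may log in with any enabled method" ;;
        prohibit-password|without-password) echo "root may log in, but not with password or keyboard-interactive" ;;
        forced-commands-only) echo "root may log in with a key only where a command= option is set" ;;
        no) echo "root may not log in" ;;
        unset) echo "not set globally; sshd's compiled-in default applies" ;;
        *) echo "unrecognised value" ;;
    esac
}

# Constructed sample input: a commented-out line, then two conflicting settings.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin = prohibit-password' \
    'PermitRootLogin no' > "$sample"
value=$(root_login_setting "$sample")
echo "$value: $(root_login_summary "$value")"
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including included files, and is the authoritative check.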