Fedora Server Edition Basic Administration Guide
Generic basic system administration is covered by Fedora’s overall System Administration Guide. But there are several of Fedora Server specific topics which are not included. There are such basic items as storage organization to more advanced security considerations up to virtualization.
As part of the installation, the system is already fitted with many security-relevant configurations. But some items need manual intervention.
First of all, the root account needs a key file to enable secure access via ssh. Right after installation, a remote login as root via ssh is not possible due to the (public) key file requirement as configured by default during installation. A local password based root login (directly connected terminal, KVM terminal, but su as well) is still enabled in the default configuration.
For a number of other procedures, the system manager must weigh the pros and cons and make a decision. This involves, for example
Depending on protection and confidentiality requirements, system-wide disabling root login (system administration is performed exclusively via user accounts with administrative privileges)
Disabling ssh password based login for all users except one (or very few) fallbacks
Protecting Cockpit password terminal login capability
Installing fail2ban to block IPs with too many unsuccessful logins
For detailed information see System Administration – Post Installation Tasks
Fedora Server Edition is designed as a headless device, i.e. without a graphical user interface. Corresponding packages are not even installed. Accordingly, at most a simple text-based terminal is available on the box.
Typically, however, administration is done remotely via a secure SSH connection.
In addition, a lightweight web-based graphical user interface, Cockpit, is available by default and is intended to simplify many typical and repetitive maintenance tasks. For example, the creation, formatting and mounting of a logical file area can be done with a short input form consisting of 3-4 topics and one click. This saves even the experienced system administrator a lot of time and the (error-free) typing of several command lines.