There are also other options that can break SSH access just as easily
(AllowGroup being one prominent example). The whole thing is *too brittle* to
be used exclusively as a user-facing service ("build server" where users log
in and run build jobs), file server (scp/sftp), server debugging channel,
and configuration distribution method.

For server administration at least one more channel is a must, and CFEngine
(and as a derivative, Puppet) got that right, while Ansible did the dumbest
thing, because "agentless!" (though you still have an agent on the OS's side,
it's just overloaded with other functions).