SSH on by default? (Was: too many daemons by default - F7 test 2 live cd)

Thomas M Steenholdt tmus at tmus.dk
Tue Mar 20 20:53:09 UTC 2007


Adam Jackson wrote:
> On Tue, 2007-03-20 at 10:11 +0100, Alexander Boström wrote:
>>
>> People don't use good passwords and they don't realize that their
>> password can be used remotely. Giving millions of people an sshd they
>> don't know or care about is a recipe for zombie machines and bad
>> security reputation.
> 
> So I think you mean "disable password auth by default".
> 

That would probably be the ideal solution, security-wise, to this 
problem. However, since we're talking about the default configuration 
here, I feel this would make it "too hard" to get sshd set up initially. 
If we disable password auth completely, we would have to manually put 
public keys in place via USB keys or something. That's too much work.
Let's settle for a default configuration with a good balance between 
usability and security. Like perhaps disabling root login or something.

Just my thoughts.

/Thomas
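
An added example, not part of the thread or of any Fedora tooling: a small audit that reads an sshd_config and reports which of the two positions discussed above (password auth disabled, or password auth kept with root login disabled) the global settings correspond to. The sample config, the function names and the `ASSUMED_DEFAULTS` values are assumptions made for this illustration.

```python
import re

# Constructed sample input, not a real system's configuration.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
Port 22
PermitRootLogin no
PasswordAuthentication yes
# The next line is ignored by sshd: the first value of a keyword wins.
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
"""

# Assumed values when a keyword is absent; built-in defaults differ between
# OpenSSH versions, so adjust these for the version being audited.
ASSUMED_DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "yes"}


def global_settings(config_text, defaults=ASSUMED_DEFAULTS):
    """Return the global (pre-Match) value of each keyword in `defaults`."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # settings after Match are conditional, not global
        if keyword in defaults and len(parts) == 2:
            # setdefault keeps the first occurrence, as sshd does
            found.setdefault(keyword, parts[1].strip().strip('"').lower())
    return {k: found.get(k, v) for k, v in defaults.items()}


def assess(config_text):
    """Classify the global settings against the options raised in the thread."""
    s = global_settings(config_text)
    password = s["passwordauthentication"] == "yes"
    if not password:
        posture = "password auth disabled"
    elif s["permitrootlogin"] == "yes":
        posture = "password auth enabled, root reachable by password"
    else:
        posture = "password auth enabled, root password login blocked"
    return {"settings": s, "posture": posture}


if __name__ == "__main__":
    print(assess(SAMPLE_CONFIG))
```

The check covers only `PasswordAuthentication` and `PermitRootLogin`; keyboard-interactive authentication through PAM can still accept passwords and needs a separate look.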



