SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
Nicolas Mailhot
nicolas.mailhot at laposte.net
Tue Mar 20 09:55:55 UTC 2007
Le Mar 20 mars 2007 10:46, Alexander Boström a écrit :
> tis 2007-03-20 klockan 10:24 +0100 skrev Nicolas Mailhot:
>
>> Disabling ssh is not a good solution, many people need it. However the
>> default fedora ssh setup is woefully insecure
>
> I think it can be off by default. To use it securely you should log in
> locally and look at or replace the host key anyway, so you might as well
> enable it at the same time. (But I guess people use SSH for
> better-than-nothing security, rather than checking host keys.)
>
>> At least ssh rate-limiting should be in the default firewall install.
>
> That'll just delay the problem.
For casual brute-force attacks it will solve the problem, but it's true
firewall-level blacklisting is prone to DOSing (as opposed to pam-level
blacklisting that knows about "users")
--
Nicolas Mailhot
More information about the fedora-devel-list
mailing list