SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)

[Arthur Pemberton]

On 3/21/07, Alexander Boström <abo at kth.se> wrote:
> ons 2007-03-21 klockan 15:02 -0400 skrev Jon Masters:
>
> > IMO, yes. There are few times where I'll argue for services on by
> > default but SSH is one of those fundamental services that one expects to
> > have, pretty much on any box where an ssh server is installed. And yes,
> > I'd argue that even applies to desktop/laptop users :-)
>
> *sighs*

I sigh right along with you, I seem to remember bringing up having
root logins on by default pre FC6 - FC6 shipped with root logins on by
default

> I just really doubt there's any reasonable way to prevent bad passwords
> from being exploited.

Fedora could at _least_ ship with DenyHosts (or similar) in by default as well

> So it will happen, and that's just not acceptable.
> Zombie machines, running Fedora? Come on, we're supposed to be better
> than that! It's really bad and and it's also bad PR.

I agree

> Perhaps forcing people to use good passwords would be possible, but I
> doubt it.

That's how things were in FC1 and FC2, for some reason, the password
strength alerts were removed in prior versions.

> I helped a guy install Fedora once, over AIM chat where I didn't
> actually have any control over the machine... I had to point out to him
> very explicitly that if he doesn't turn off sshd it'll give him trouble.
> (Including explaining to him that why it's bad if someone guesses his
> password and gets access to his machine, it wasn't entirely obvious to
> him.) I think he got the point and managed to type the right commands to
> disable it though.
>
> /abo

Why didn't you point him to system-config-services?

Along the lines of passwords, I had firstboot (or was it Anaconda) die
before allowing me to create a regular user, but that's off topic I
suppose


-- 
Fedora Core 6 and proud