SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
Tomas Mraz
tmraz at redhat.com
Wed Mar 21 22:19:49 UTC 2007
On Wed, 2007-03-21 at 20:42 +0100, Thomas M Steenholdt wrote:
> I agree that compromising a user account is still bad. But not nearly as
> bad as root access (if one must choose), but if root access through ssh
> is disabled by default, attack scripts would have to *guess* a user to
> bruteforce and can't rely on bruteforcing "root" who exists on every
> *nix system. So this would allow immediate ssh access to admins (ssh as
> user and su -) to newly installed machines. Admin is free to remotely
> log in, install public keys and reconfigure sshd as he sees fit, but
> he's allowed to do it from his administrative workstation instead of the
> physical machine console. This makes a lot of sense in my world.
Except the regular users are created in firstboot which might be
inaccessible when the system is installed remotely.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the fedora-devel-list
mailing list