SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
Thomas M Steenholdt
tmus at tmus.dk
Thu Mar 22 14:48:56 UTC 2007
Tomas Mraz wrote:
> On Wed, 2007-03-21 at 20:42 +0100, Thomas M Steenholdt wrote:
>
>> I agree that compromising a user account is still bad. But not nearly as
>> bad as root access (if one must choose), but if root access through ssh
>> is disabled by default, attack scripts would have to *guess* a user to
>> bruteforce and can't rely on bruteforcing "root" who exists on every
>> *nix system. So this would allow immediate ssh access to admins (ssh as
>> user and su -) to newly installed machines. Admin is free to remotely
>> log in, install public keys and reconfigure sshd as he sees fit, but
>> he's allowed to do it from his administrative workstation instead of the
>> physical machine console. This makes a lot of sense in my world.
>
> Except the regular users are created in firstboot which might be
> inaccessible when the system is installed remotely.
>
Perhaps this could be changed, if need be.
/Thomas
More information about the fedora-devel-list
mailing list