[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#122188: ssh: ssh should start earlier

Andrew Pimlott dijo [Sun, Sep 14, 2003 at 10:00:30PM -0400]:
> I think this is basically a good idea.  My ideal would be for sshd
> start early (as soon as /usr is mounted, before attempting to mount
> other filesystems) with a minimal config that allows only root
> logins, then restart later with the normal config.  This would be a
> creat option to offer out-of-the-box, though I guess it would take a
> little bit of juggling to get right.

I would argue against having this behavior as the default. For one, I
always have 'PermitRootLogin = no' in my sshd_config, I do not think it
is very smart to allow anyone to connect as root without checking if it
is a valid user - Maybe for a CoLo box I would leave it =yes, just to
avoid more problems, but... 

I would even go for asking this in the postinst. I am sure many people
who don't usually look at their config files other than to check why the
daemon is not working would be very happy to find out root can be kept
out. 

Greetings,

-- 
Gunnar Wolf - gwolf@gwolf.cx - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF
Reply to: