
RE: Live CD default sshd install allowed root privileges to be gained

> -----Original Message-----
> From: grihad@gmail.com
> Sent: Fri, 31 Jan 2014 17:55:51 +0400
> To: debian-live@lists.debian.org
> Subject: Live CD default sshd install allowed root privileges to be
> gained
> <snip>
> The break in was caused by the fact that Debian's Live CD installed and
> enabled SSH server to run (with PermitRootLogin enabled) without telling
> me about it - I don't need an SSH server at home and would never run it
> in this way with an easy to guess root password, which was simply root,
> because I would never use the root account for logging in via network
> and would definitely harden SSH configuration with AllowUsers, public
> keys, firewall etc. I did install & enable a permissive iptables
> firewall ("deny by default"), but a day or two after the break-in, long
> before I detected the intrusion and what caused it.

The problem appears to all come down to the poor choice of using
root as the root password.

If you are arguing for a change in behavior/action then you should state
what change you desire and present an argument for such change.

As far as I know upstream ships with rootlogin enabled, and the Debian
maintainers have considered the issue and left it as is.

What exactly are you wanting in regards to this issue?
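
An added example, not part of either message in this thread: a small Python check that reads an sshd_config and reports the settings the quoted message names (PermitRootLogin, password logins, AllowUsers). The sample configuration is constructed, and the function names are this example's own.

```python
import re

# Constructed sample, not taken from any Debian Live image.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
permitrootlogin no
"""

def effective_settings(text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd keeps the FIRST value it reads for a keyword, and keywords are
    case-insensitive. Match blocks and Include files are not evaluated here.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # conditional blocks are out of scope for this global check
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Return a list of findings for the hardening points raised in the thread."""
    s = effective_settings(text)
    findings = []
    root = s.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin unset: built-in default applies, confirm with `sshd -T`")
    elif root.lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in by any enabled method")
    if s.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication not disabled: guessable passwords are reachable")
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("No AllowUsers/AllowGroups: every account may attempt login")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("WARN", finding)
```

On the sample, the later `permitrootlogin no` line does not take effect because the earlier `PermitRootLogin yes` was read first.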

