Bug#741678: It is possible to use live user account to log in via SSH

To: daniel.baumann@progress-technologies.net
Cc: 741678@bugs.debian.org
Subject: Bug#741678: It is possible to use live user account to log in via SSH
From: Evgeny Kapun <abacabadabacaba@gmail.com>
Date: Sat, 15 Mar 2014 20:33:24 +0400
Message-id: <[🔎] 532480D4.40008@gmail.com>
Reply-to: Evgeny Kapun <abacabadabacaba@gmail.com>, 741678@bugs.debian.org
In-reply-to: <[🔎] 532469A5.3060103@progress-technologies.net>
References: <[🔎] 5324628C.7080804@gmail.com> <[🔎] 532469A5.3060103@progress-technologies.net>

I think that it is wrong if anyone on the same network can log into a live system and get full access to it. If a user connects, say, to a Wi-Fi network to download something, he doesn't expect his computer to become open to everyone. Currently, it is necessary to change the password before connecting to any untrusted networks, and most users won't do it, which makes them vulnerable.
A possible solution is to disable password for default user (he is logged in automatically anyway), or to disable password authentication via SSH.

Reply to:

References:
- Bug#741678: It is possible to use live user account to log in via SSH
  - From: Evgeny Kapun <abacabadabacaba@gmail.com>
- Bug#741678: It is possible to use live user account to log in via SSH
  - From: Daniel Baumann <daniel.baumann@progress-technologies.net>

Prev by Date: Processed: Re: Bug#741678: It is possible to use live user account to log in via SSH
Next by Date: Bug#741678: It is possible to use live user account to log in via SSH
Previous by thread: Processed: Re: Bug#741678: It is possible to use live user account to log in via SSH
Next by thread: Bug#741678: It is possible to use live user account to log in via SSH
Index(es):
- Date
- Thread