Debian Live CD - unsecured ssh open by default


A friend of mine pointed out to me recently that the Debian Live CD has
ssh open to the network by default, and the "user" account -- which has
passwordless sudo to root privileges -- has a password that is
well-known and easily found via Google.  This poses some nasty surprises
for people that might be using it to repair systems on their LAN, and
even worse surprises for people that might install the Live CD image to
their system.

I have seen a few mentions of this online, but it doesn't seem that
people are thinking of it as a security risk.  What is the best way to
get this fixed?


-- John
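
A check for the combination described in the message above (password login over ssh, a usable password on the account, and passwordless sudo), as an added example that is not part of the original message. The function names and the sample tree are constructed for illustration; the account name "user" comes from the message, and the file locations are the standard OpenSSH and sudo ones.

```shell
#!/bin/sh
# audit_live_root ROOT [ACCOUNT]  (added example; names are hypothetical)
# ROOT is / on a booted live system, or the mount point of an installed image.
# Reading etc/shadow needs root. Not covered: sshd Match/Include directives,
# sudo rights granted through a group.
audit_live_root() {
    root=${1%/}
    acct=${2:-user}
    found=""

    # sshd keeps the first value it reads for a keyword; unset defaults to yes.
    cfg="$root/etc/ssh/sshd_config"
    if [ -f "$cfg" ]; then
        pa=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$cfg")
        if [ "${pa:-yes}" = "yes" ]; then found="$found ssh-password-login"; fi
    fi

    # A password field that is non-empty and not locked (! or *) can be used to log in.
    if awk -F: -v a="$acct" '$1 == a && $2 != "" && $2 !~ /^[!*]/ { ok = 1 }
                             END { exit !ok }' "$root/etc/shadow" 2>/dev/null; then
        found="$found password-set"
    fi

    # Passwordless sudo granted directly to the account.
    if grep -Eqs "^[[:space:]]*$acct[[:space:]].*NOPASSWD:" \
            "$root/etc/sudoers" "$root"/etc/sudoers.d/*; then
        found="$found sudo-nopasswd"
    fi

    case "$found" in
        " ssh-password-login password-set sudo-nopasswd") echo "EXPOSED:$found" ;;
        *) echo "partial-or-clean:$found" ;;
    esac
}

# Constructed sample tree (not copied from a real image) for trying the check.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/sudoers.d"
    echo "#PasswordAuthentication yes" > "$d/etc/ssh/sshd_config"
    echo "user:\$6\$constructed\$hash:19000:0:99999:7:::" > "$d/etc/shadow"
    echo "user ALL=(ALL) NOPASSWD: ALL" > "$d/etc/sudoers.d/live"
    echo "$d"
}

if [ "$#" -gt 0 ]; then audit_live_root "$@"; fi
```

Any one of the three findings being absent breaks the chain, so disabling password login, locking the account's password, or removing the NOPASSWD grant each changes the verdict.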

