Debian Live CD - unsecured ssh open by default

To: debian-security@lists.debian.org
Subject: Debian Live CD - unsecured ssh open by default
From: John Goerzen <jgoerzen@complete.org>
Date: Sat, 31 Jan 2015 18:09:58 -0600
Message-id: <[🔎] 54CD6ED6.8030006@complete.org>

Hello,

A friend of mine pointed out to me recently that the Debian Live CD has
ssh open to the network by default, and the "user" account -- which has
passwordless sudo to root privileges -- has a password that is
well-known and easily found via Google.  This poses some nasty surprises
for people that might be using it to repair systems on their LAN, and
even worse surprises for people that might install the Live CD image to
their system.

I have seen a few mentions of this online, but it doesn't seem that
people are thinking of it as a security risk.  What is the best way to
get this fixed?

Thanks!

-- John

Reply to:

Follow-Ups:
- Re: Debian Live CD - unsecured ssh open by default
  - From: Evgeny Kapun <abacabadabacaba@gmail.com>
- Re: Debian Live CD - unsecured ssh open by default
  - From: Ста Деюс <sthu.deus@openmailbox.org>

Next by Date: Re: Debian Live CD - unsecured ssh open by default
Next by thread: Re: Debian Live CD - unsecured ssh open by default
Index(es):
- Date
- Thread