Re: Debian Live CD - unsecured ssh open by default

To: Evgeny Kapun <abacabadabacaba@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: Debian Live CD - unsecured ssh open by default
From: John Goerzen <jgoerzen@complete.org>
Date: Sun, 01 Feb 2015 05:52:37 -0600
Message-id: <[🔎] 54CE1385.40000@complete.org>
In-reply-to: <[🔎] 54CD7B06.6040003@gmail.com>
References: <[🔎] 54CD6ED6.8030006@complete.org> <[🔎] 54CD7B06.6040003@gmail.com>

Great news, thanks!

On 01/31/2015 07:01 PM, Evgeny Kapun wrote:
> This should be fixed in the latest version. See https://bugs.debian.org/741678.
>
> On 01.02.2015 03:09, John Goerzen wrote:
>> Hello,
>>
>> A friend of mine pointed out to me recently that the Debian Live CD has
>> ssh open to the network by default, and the "user" account -- which has
>> passwordless sudo to root privileges -- has a password that is
>> well-known and easily found via Google.  This poses some nasty surprises
>> for people that might be using it to repair systems on their LAN, and
>> even worse surprises for people that might install the Live CD image to
>> their system.
>>
>> I have seen a few mentions of this online, but it doesn't seem that
>> people are thinking of it as a security risk.  What is the best way to
>> get this fixed?
>>
>> Thanks!
>>
>> -- John
>>
>>
>

Reply to:

References:
- Debian Live CD - unsecured ssh open by default
  - From: John Goerzen <jgoerzen@complete.org>
- Re: Debian Live CD - unsecured ssh open by default
  - From: Evgeny Kapun <abacabadabacaba@gmail.com>

Prev by Date: Re: [SECURITY] [DSA 3148-1] chromium-browser end of life
Next by Date: Re: are unattended updates a good idea?
Previous by thread: Re: Debian Live CD - unsecured ssh open by default
Next by thread: Re: Debian Live CD - unsecured ssh open by default
Index(es):
- Date
- Thread