Bug#122188: ssh: ssh should start earlier
On Mon, 15 Sep 2003 12:00, Andrew Pimlott wrote:
> I think this is basically a good idea. My ideal would be for sshd
> start early (as soon as /usr is mounted, before attempting to mount
> other filesystems) with a minimal config that allows only root
> logins, then restart later with the normal config. This would be a
> creat option to offer out-of-the-box, though I guess it would take a
> little bit of juggling to get right.
Having sshd allow root logins during the boot process when you don't allow
such logins while the machine is fully operational seems like a bad idea.
If allowing root logins is not considered to be a security problem then they
should be allowed at all times. If allowing root logins is a security
problem then it should never be allowed, not even at boot.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: