Bug#452035: Please reconsider this issue

To: 452035@bugs.debian.org
Subject: Bug#452035: Please reconsider this issue
From: Russell Coker <russell@coker.com.au>
Date: Mon, 05 Mar 2018 14:26:46 +1100
Message-id: <[🔎] 506749124.K4clrZKKO9@liv>
Reply-to: Russell Coker <russell@coker.com.au>, 452035@bugs.debian.org
References: <20071119235248.12199.89778.reportbug@singapore.xtronics.network>

https://etbe.coker.com.au/2018/03/05/compromised-guest-account/

I just had one of my systems compromised.  While I did stuff up, if the 
default had been to have AllowUsers I would have set it to only allow desired 
ssh users and everything would have been fine.

I suggest that the default configuration should only allow root logins (which 
by default means public key access as the default is to not allow root login 
with password).  That gives the minimal useful functionality and it's not 
difficult to figure out which field to edit to add more users if desired.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Reply to:

Prev by Date: openssh_7.4p1-10+deb9u3_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by Date: scp : -l option (bandwidth limiting) doesn't work when scp-ing from a remote host to another remote host
Previous by thread: openssh_7.4p1-10+deb9u3_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by thread: scp : -l option (bandwidth limiting) doesn't work when scp-ing from a remote host to another remote host
Index(es):
- Date
- Thread