
Re: openssh-server's default config is dangerous



On Tue 12 Jul 2016 at 11:44:56 +0200, Nicolas George wrote:

> On quintidi 25 Messidor, year CCXXIV, mwnx wrote:
> > I would like to initiate a discussion about the security
> > implications of the default sshd_config file, created after an
> > installation of the openssh-server package.
> 
> I think the problem you raise is not specific to SSH: when installing
> anything that looks like a daemon, apt will start the daemon with its
> default configuration immediately. There are hackish ways of working around
> it, and I do not even know if they work with systemd.
> 
> I always found that behaviour very bad, for many reasons. IMHO, starting
> daemons after installing them should be an option.

The behaviour is sensible and acceptable. Anyone who installs a daemon
wants to use it; why install it in the first place? If the defaults
were unsafe it would be a bug. A single example of such an unsafe
configuration would be nice to have.

