Re: openssh-server's default config is dangerous

To: debian-user@lists.debian.org
Subject: Re: openssh-server's default config is dangerous
From: Reco <recoverym4n@gmail.com>
Date: Tue, 12 Jul 2016 15:05:35 +0300
Message-id: <[🔎] 20160712120532.GA15892@e1030>
In-reply-to: <[🔎] 20160712092610.GA6945@debian>
References: <[🔎] 20160712092610.GA6945@debian>

	Hi.

On Tue, Jul 12, 2016 at 11:26:10AM +0200, mwnx wrote:
> Currently, after installing openssh-server, anyone can gain access
> to any user's account on the system using only the corresponding
> user's password. As we know, people do not necessarily use the most
> secure of passwords. This will especially be the case if the user
> does not expect his computer to be accessible in any way from the
> outside.

So, you're blaming a perfectly good (and reasonably secure) way of
remote access, but somehow assume that weak passwords are ok.
By that logic you should not stop there. Why not blame any remote access
mechanism that uses PAM for password checking as well?

Reco

Reply to:

Follow-Ups:
- Re: openssh-server's default config is dangerous
  - From: <tomas@tuxteam.de>
- Re: openssh-server's default config is dangerous
  - From: mwnx <mwnx@gmx.com>

References:
- openssh-server's default config is dangerous
  - From: mwnx <mwnx@gmx.com>

Prev by Date: Re: openssh-server's default config is dangerous
Next by Date: Re: openssh-server's default config is dangerous
Previous by thread: Re: openssh-server's default config is dangerous
Next by thread: Re: openssh-server's default config is dangerous
Index(es):
- Date
- Thread