Re: openssh-server's default config is dangerous

To: debian-user@lists.debian.org
Subject: Re: openssh-server's default config is dangerous
From: Stefan Monnier <monnier@iro.umontreal.ca>
Date: Tue, 12 Jul 2016 09:02:23 -0400
Message-id: <[🔎] jwvd1mj812v.fsf-monnier+gmane.linux.debian.user@gnu.org>
References: <[🔎] 20160712092610.GA6945@debian> <[🔎] 20160712120532.GA15892@e1030> <[🔎] 20160712122038.GA28081@tuxteam.de>

> That weak passwords are a problem in themselves or that other services
> get started right away after install too is irrelevant to the point
> made -- again IMHO.

Reminds me of a need I couldn't conveniently satisfy: allow known weak
passwords on some specific user accounts but make sure you can not use
them remotely (in my case I only wanted to allow GDM logins for them).

E.g. make it so that sshd only lets you login if your user is in the
"ssh-able" group or some such, just like we do for sudo.


        Stefan

Reply to:

Follow-Ups:
- Re: openssh-server's default config is dangerous
  - From: <tomas@tuxteam.de>

References:
- openssh-server's default config is dangerous
  - From: mwnx <mwnx@gmx.com>
- Re: openssh-server's default config is dangerous
  - From: Reco <recoverym4n@gmail.com>
- Re: openssh-server's default config is dangerous
  - From: <tomas@tuxteam.de>

Prev by Date: Re: openssh-server's default config is dangerous
Next by Date: Re: openssh-server's default config is dangerous
Previous by thread: Re: openssh-server's default config is dangerous
Next by thread: Re: openssh-server's default config is dangerous
Index(es):
- Date
- Thread