Re: openssh-server's default config is dangerous
On Tuesday 12 July 2016 13:50:39 tomas@tuxteam.de wrote:
> My question would be... what would be the consequences of changing
> those defaults? Or perhaps, of asking the user at package config
> time?
I *was* asked last time I installed open-ssh*, at installation time, but did
not understand the question so went with the default. If you do not allow
password log-in, what DO you allow? For ssh to be useful, one has to use it.
Note that it is not installed by default, one has to actively choose to have
it.

Where you are administering systems where you can expect users on your system
to have weak passwords, change the defaults to suit. On my network there are
no weak passwords. At least, I have chosen all passwords on the system and I
go out of my way to try and make them reasonably secure. It is also (I hope)
fairly difficult for anyone else to break in in the first place. I don't
want *my* life made any harder!!

Lisi