
Re: openssh-server's default config is dangerous



On Tuesday 12 July 2016 13:50:39 tomas@tuxteam.de wrote:
> My question would be... what would be the consequences of changing
> those defaults? Or perhaps, of asking the user at package config
> time?

I *was* asked last time I installed open-ssh*, at installation time, but did 
not understand the question so went with the default.  If you do not allow 
password log-in, what DO you allow?  For ssh to be useful, one has to use it.  
Note that it is not installed by default, one has to actively choose to have 
it.

Where you are administering systems where you can expect users on your system 
to have weak passwords, change the defaults to suit.  On my network there are 
no weak passwords.  At least, I have chosen all passwords on the system and I 
go out of my way to try and make them reasonably secure.  It is also (I hope) 
fairly difficult for anyone else to break in in the first place.  I don't 
want *my* life made any harder!!

Lisi

