
Re: openssh-server's default config is dangerous




On Tue, Jul 12, 2016 at 02:18:58PM +0100, Lisi Reisz wrote:
> On Tuesday 12 July 2016 13:50:39 tomas@tuxteam.de wrote:
> > My question would be... what would be the consequences of changing
> > those defaults? Or perhaps, of asking the user at package config
> > time?
> 
> I *was* asked last time I installed open-ssh*, at installation time, but did 
> not understand the question so went with the default.  If you do not allow 
> password log-in, what DO you allow?  For ssh to be useful, one has to use it.  
> Note that it is not installed by default, one has to actively choose to have 
> it.

Thanks for this input, Lisi. So the installer *already asks*, but has the
"other" default. And it would have made your life harder otherwise.

Besides, the question seems obscure. Any ideas on how to make it more
understandable?

As for the default... ultimately Henrique is right, one should file a bug.
I'm still trying to get a grasp of the tradeoffs involved (and perhaps
looking for better ideas).

regards
-- tomás

