Re: openssh-server's default config is dangerous

To: debian-user@lists.debian.org
Subject: Re: openssh-server's default config is dangerous
From: mwnx <mwnx@gmx.com>
Date: Tue, 12 Jul 2016 18:53:29 +0200
Message-id: <[🔎] 20160712165329.GC4114@debian>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20160712120532.GA15892@e1030>
References: <[🔎] 20160712092610.GA6945@debian> <[🔎] 20160712120532.GA15892@e1030>

> So, you're blaming a perfectly good (and reasonably secure) way of
> remote access, but somehow assume that weak passwords are ok.
> By that logic you should not stop there. Why not blame any remote access
> mechanism that uses PAM for password checking as well?

There are many kinds of systems on which weak passwords are OK. For
instance, a home PC has no need whatsoever for a strong password. If
someone breaks into my home, they have access to my data anyway; and
the password is for local use only. If some malware gets into my
computer, it can get the root password through keylogging.

Note: this weak password can still be useful to protect my privacy
from guests.

-- 
mwnx
GPG: AEC9 554B 07BD F60D 75A3  AF6A 44E8 E4D4 0312 C726

Reply to:

Follow-Ups:
- Re: openssh-server's default config is dangerous
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: openssh-server's default config is dangerous
  - From: Brian <ad44@cityscape.co.uk>

References:
- openssh-server's default config is dangerous
  - From: mwnx <mwnx@gmx.com>
- Re: openssh-server's default config is dangerous
  - From: Reco <recoverym4n@gmail.com>

Prev by Date: Re: openssh-server's default config is dangerous
Next by Date: Re: openssh-server's default config is dangerous
Previous by thread: Re: openssh-server's default config is dangerous
Next by thread: Re: openssh-server's default config is dangerous
Index(es):
- Date
- Thread