
Re: openssh-server's default config is dangerous



On Tuesday 12 July 2016 17:26:08 Stefan Monnier wrote:
> I mean, yes, I can (and have) cobbled up some hackish way to plug the
> holes I was aware of, but I think it would be better to be able to
> specifically only allow weak password authentication for some specific
> services and then stop worrying about which other services might still
> use those weak passwords (su? telnetd? which other ones?  how could
> I find out?)

This is different from what you originally said.  By all means discuss this 
general problem with the developers - but please don't single ssh out and 
mess it up for a good many of the rest of us.  

But why do you need weak passwords?  I think we may have an x-y problem here, 
and weak passwords may not be the only/optimum solution to the problem you 
are trying to solve by having them.  Weak passwords are a bad idea per se.

Lisi

