Re: openssh-server's default config is dangerous
On Tuesday 12 July 2016 17:26:08 Stefan Monnier wrote:
> I mean, yes, I can (and have) cobbled up some hackish way to plug the
> holes I was aware of, but I think it would be better to be able to
> specifically only allow weak password authentication for some specific
> services and then stop worrying about which other services might still
> use those weak password (su? telnetd? which other ones? how could
> I find out?)
This is different from what you originally said. By all means discuss this
general problem with the developers - but please don't single ssh out and
mess it up for a good many of the rest of us.
But why do you need weak passwords? I think we may have an x-y problem here,
and weak passwords may not be the only/optimum solution to the problem you
are trying to solve by having them. Weak passwords are a bad idea per se.
Lisi
Reply to: