
Re: openssh-server's default config is dangerous



On Tuesday 12 July 2016 18:14:04 Stefan Monnier wrote:
> > This is different from what you originally said.  By all means discuss
> > this general problem with the developers - but please don't single ssh
> > out and mess it up for a good many of the rest of us.
>
> I think we're miscommunicating: I specifically don't want to single out
> SSH but instead I want to single out GDM.  And I think this should be
> done in PAM.

Yes, we are miscommunicating, and I'll go along with that.
>
> > But why do you need weak passwords?  I think we may have an x-y problem
> > here, and weak passwords may not be the only/optimum solution to the
> > problem you are trying to solve by having them.  Weak passwords are a bad
> > idea per se.
>
> Quite likely.  I only pointed out this need of mine as being related to
> the OP's request.
>
> Here are some uses of weak passwords in GDM I can remember offhand:
> - For accounts of people unable to remember a more complex password.
> - For guest accounts
> - For mere convenience (when I'm in front of my desktop at home, it's
>   handy not to have to type my full password, under the assumption that
>   physical access to the machine means that a strong password wouldn't
>   make much difference (as long as the disk isn't encrypted, say)).

My solution to that is physical access to the computer, actually sitting in 
front of it - login without a password.  ALL external access, even from the 
neighbouring computer, use a strong password in case someone breaks into your 
network from outside.

Lisi


