
Re: openssh-server's default config is dangerous



On Tue, 12 Jul 2016 21:51:41 +0100
Lisi Reisz <lisi.reisz@gmail.com> wrote:

> On Tuesday 12 July 2016 20:24:18 Brian wrote:
> > (For those who think this is about password logins in general - it
> > is not. It is about logging in as root).  
> 
> Thank you, Brian. You come up trumps again.  I said that I hadn't
> understood the question.  I did think it was about password logging
> in in general.
> 

There has been a bit of thread drift, and we all see different issues.

I took it to be a comment on the fact that any of a computer's users
have remote access to it, by password only, after a default installation
of openssh, as opposed to, say, MySQL, where nobody but the
administrator designated during installation has any access at all
until explicitly permitted, whether the daemon is running or not.

Or Remote Desktop on Windows Professional, which after being explicitly
enabled by an admin, is still only accessible to admins until others are
granted permissions.

SSH is mostly used in two separate situations: to provide a user with
remote operational access to a machine, and to provide an admin with an
alternative means of login to a machine where normal login is broken. A
default installation could provide the latter without the former.

-- 
Joe
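
The arrangement in the last paragraph above (admin login without general user login) can be checked against a server's configuration. This is an added example, not part of the original message: a Python check that reports whether the global section of an sshd_config limits logins to administrator groups. The group name "sudo" and the sample configurations are assumptions constructed for illustration.

```python
# Added example: classify who may log in under the global part of an sshd_config.
ADMIN_GROUPS = {"sudo"}  # assumption: the group this host treats as administrators

# These keywords append their arguments across repeated lines in sshd_config.
LIST_KEYWORDS = {"allowusers", "allowgroups", "denyusers", "denygroups"}


def global_directives(config_text):
    """Return keyword -> argument list for directives before the first Match block."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()      # keywords are case-insensitive
        if keyword == "match":         # simplification: conditional blocks are not evaluated
            break
        if keyword in LIST_KEYWORDS:
            found.setdefault(keyword, []).extend(args)
        else:
            found.setdefault(keyword, args)   # other keywords: first value wins
    return found


def remote_login_scope(config_text, admin_groups=ADMIN_GROUPS):
    """'all-users': no allow-list, so any account not explicitly denied may log in.
    'admins-only': AllowGroups names nothing but administrator groups.
    'restricted': some other allow-list is in force."""
    directives = global_directives(config_text)
    allow_groups = directives.get("allowgroups", [])
    allow_users = directives.get("allowusers", [])
    if not allow_groups and not allow_users:
        return "all-users"
    if allow_groups and all(group in admin_groups for group in allow_groups):
        return "admins-only"
    return "restricted"


# Constructed sample configurations, not taken from any real host.
NO_ALLOW_LIST = "Port 22\nPasswordAuthentication yes\n"
ADMIN_ONLY = "# rescue access only\nPasswordAuthentication yes\nAllowGroups sudo\n"
MIXED = "AllowGroups sudo\nAllowGroups users\n"

if __name__ == "__main__":
    for name, text in [("no allow-list", NO_ALLOW_LIST), ("admin only", ADMIN_ONLY), ("mixed", MIXED)]:
        print(f"{name}: {remote_login_scope(text)}")
```

The check does not follow Include directives or evaluate Match blocks, so a result of "admins-only" holds only for the global section of the file it is given.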

