[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)

From: "Nicolas Mailhot" <nicolas mailhot laposte net>
To: "Development discussions related to Fedora Core" <fedora-devel-list redhat com>
Cc: "Development discussions related to Fedora Core" <fedora-devel-list redhat com>
Subject: Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
Date: Tue, 20 Mar 2007 10:55:55 +0100 (CET)

Le Mar 20 mars 2007 10:46, Alexander Boström a écrit :
> tis 2007-03-20 klockan 10:24 +0100 skrev Nicolas Mailhot:
>
>> Disabling ssh is not a good solution, many people need it. However the
>> default fedora ssh setup is woefully insecure
>
> I think it can be off by default. To use it securely you should log in
> locally and look at or replace the host key anyway, so you might as well
> enable it at the same time. (But I guess people use SSH for
> better-than-nothing security, rather than checking host keys.)
>
>> At least ssh rate-limiting should be in the default firewall install.
>
> That'll just delay the problem.

For casual brute-force attacks it will solve the problem, but it's true
firewall-level blacklisting is prone to DOSing (as opposed to pam-level
blacklisting that knows about "users")

-- 
Nicolas Mailhot

Follow-Ups:
- Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Matthias Saou

References:
- too many deamons by default - F7 test 2 live cd
  - From: Rahul Sundaram
- SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Alexander Boström
- Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Nicolas Mailhot
- Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Alexander Boström

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]