[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)



Le Mar 20 mars 2007 10:46, Alexander Boström a écrit :
> tis 2007-03-20 klockan 10:24 +0100 skrev Nicolas Mailhot:
>
>> Disabling ssh is not a good solution, many people need it. However the
>> default fedora ssh setup is woefully insecure
>
> I think it can be off by default. To use it securely you should log in
> locally and look at or replace the host key anyway, so you might as well
> enable it at the same time. (But I guess people use SSH for
> better-than-nothing security, rather than checking host keys.)
>
>> At least ssh rate-limiting should be in the default firewall install.
>
> That'll just delay the problem.

For casual brute-force attacks it will solve the problem, but it's true
firewall-level blacklisting is prone to DOSing (as opposed to pam-level
blacklisting that knows about "users")

-- 
Nicolas Mailhot


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]