[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)



Adam Jackson wrote:
On Tue, 2007-03-20 at 10:11 +0100, Alexander Boström wrote:

People don't use good passwords and they don't realize that their
password can be used remotely. Giving millions of people an sshd they
don't know or care about is a recipe for zombie machines and bad
security reputation.

So I think you mean "disable password auth by default".


That would probably be the ideal solution, security-wise, to this problem. However, since we're talking about the default configuration here, I feel this would make it "too hard" to get sshd set up initally. If we disable password auth completely, we would have to manually put public keys in place via USB keys or something. That's too much work. Lets settle for a default configuration with a good balance between usability and security. Like perhaps disabling root login or something.

Just my thoughts.

/Thomas


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]