SSH on by default? (Was: too many daemons by default - F7 test 2 live cd)

Thomas M Steenholdt tmus at tmus.dk
Wed Mar 21 19:42:00 UTC 2007


Alexander Boström wrote:
> 
>> Let's settle for a default configuration with a good balance between 
>> usability and security. Like perhaps disabling root login or something.
> 
> Taking over a user account is really almost as bad as root access. The
> typical desktop user is thoroughly screwed regardless.
> 

I agree that compromising a user account is still bad, but not nearly as 
bad as root access (if one must choose). If root access through ssh 
is disabled by default, attack scripts would have to *guess* a user to 
brute-force and can't rely on brute-forcing "root", who exists on every 
*nix system. So this would allow immediate ssh access to admins (ssh as 
user and su -) to newly installed machines. Admin is free to remotely 
log in, install public keys and reconfigure sshd as he sees fit, but 
he's allowed to do it from his administrative workstation instead of the 
physical machine console. This makes a lot of sense in my world.

/Thomas
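
As an added illustration of the default discussed in this message (not part of the original post, and not Fedora or OpenSSH code): a Python check that reports the effective `PermitRootLogin` value of an sshd_config text, honouring sshd's first-value-wins rule and `Match` block overrides. The sample config, the function names and the `unset_default` parameter are assumptions made for this example.

```python
import re

# Constructed sample, not taken from the post or from any real host.
SAMPLE = """\
# sshd_config on a freshly installed machine
Port 22
PermitRootLogin no
permitrootlogin yes
PasswordAuthentication yes

Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

# Keyword and arguments are separated by whitespace or by a single "=".
DIRECTIVE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.+)")

def root_login_settings(config_text, unset_default="prohibit-password"):
    """Return (global_value, [(match_criteria, value), ...]).

    unset_default is an assumption: it is the compiled-in default of
    current OpenSSH; older releases defaulted to "yes".
    """
    global_value = None
    overrides = []
    scope = None              # None means the global section
    seen_in_scope = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.fullmatch(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            # Everything up to the next Match line belongs to this block.
            scope, seen_in_scope = value, False
        elif keyword == "permitrootlogin":
            value = value.lower()
            if scope is None:
                if global_value is None:   # sshd keeps the first value
                    global_value = value
            elif not seen_in_scope:
                overrides.append((scope, value))
                seen_in_scope = True
    return (global_value or unset_default), overrides

def root_password_login_paths(config_text):
    """List the scopes in which root may log in with a password."""
    global_value, overrides = root_login_settings(config_text)
    paths = ["global"] if global_value == "yes" else []
    return paths + [crit for crit, val in overrides if val == "yes"]
```

On the constructed sample the global setting resolves to `no` because the later `permitrootlogin yes` line is ignored, while the `Match` block still re-enables password login for root from one address range.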



