[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)



On Wed, 2007-03-21 at 20:42 +0100, Thomas M Steenholdt wrote:

> I agree that compromising a user account is still bad. But not nearly as 
> bad as root access (if one must choose), but if root access through ssh 
> is disabled by default, attack scripts would have to *guess* a user to 
> bruteforce and can't rely on bruteforcing "root" who exists on every 
> *nix system. So this would allow immediate ssh access to admins (ssh as 
> user and su -) to newly installed machines. Admin is free to remotely 
> log in, install public keys and reconfigure sshd as he sees fit, but 
> he's allowed to do it from his administrative workstation instead of the 
> physical machine console. This makes a lot of sense in my world.

Except the regular users are created in firstboot which might be
inaccessible when the system is installed remotely.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]