[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)

From: Thomas M Steenholdt <tmus tmus dk>
To: fedora-devel-list redhat com
Subject: Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
Date: Tue, 20 Mar 2007 10:42:55 +0100

Nicolas Mailhot wrote:


Disabling ssh is not a good solution, many people need it. However the
default fedora ssh setup is woefully insecure

At least ssh rate-limiting should be in the default firewall install.
Pam_abl would be even better (for other network services)

Blacklisting opens the potential for denial-of-service attacks. I'm nottoo familiar with the pam_abl implementation, but we should at least bevery cautious if we choose to include and enable such features by default.


Same thing goes for rate-limiting.

I'm not saying that either of these are *bad*. I'm saying that fordefault setups, we need to be very cautious with these things.

A more direct, less intrusive (for some/most) approach would perhaps beto disallow root logins by default?!?


/Thomas

Follow-Ups:
- Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Nicolas Mailhot

References:
- too many deamons by default - F7 test 2 live cd
  - From: Rahul Sundaram
- SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Alexander Boström
- Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Nicolas Mailhot

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]