[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)

From: "Nicolas Mailhot" <nicolas mailhot laposte net>
To: "Development discussions related to Fedora Core" <fedora-devel-list redhat com>
Cc: fedora-devel-list redhat com
Subject: Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
Date: Tue, 20 Mar 2007 10:53:20 +0100 (CET)

Le Mar 20 mars 2007 10:42, Thomas M Steenholdt a écrit :
> Nicolas Mailhot wrote:
>>
>> Disabling ssh is not a good solution, many people need it. However the
>> default fedora ssh setup is woefully insecure
>>
>> At least ssh rate-limiting should be in the default firewall install.
>> Pam_abl would be even better (for other network services)
>>
>
> Blacklisting opens the potential for denial-of-service attacks. I'm not
> too familiar with the pam_abl implementation,

You have per-source-host and per-target-user tuneables

> but we should at least be
> very cautious if we choose to include and enable such features by default.

Sure. But sitting on the problem won't solve it.

-- 
Nicolas Mailhot

Follow-Ups:
- Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Thomas M Steenholdt

References:
- too many deamons by default - F7 test 2 live cd
  - From: Rahul Sundaram
- SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Alexander Boström
- Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Nicolas Mailhot
- Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
  - From: Thomas M Steenholdt

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]