[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
- From: Tomas Mraz <tmraz redhat com>
- To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
- Subject: Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
- Date: Wed, 21 Mar 2007 23:19:49 +0100
On Wed, 2007-03-21 at 20:42 +0100, Thomas M Steenholdt wrote:
> I agree that compromising a user account is still bad. But not nearly as
> bad as root access (if one must choose), but if root access through ssh
> is disabled by default, attack scripts would have to *guess* a user to
> bruteforce and can't rely on bruteforcing "root" who exists on every
> *nix system. So this would allow immediate ssh access to admins (ssh as
> user and su -) to newly installed machines. Admin is free to remotely
> log in, install public keys and reconfigure sshd as he sees fit, but
> he's allowed to do it from his administrative workstation instead of the
> physical machine console. This makes a lot of sense in my world.
Except the regular users are created in firstboot which might be
inaccessible when the system is installed remotely.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]