A Topic that needs to be discussed on next the QA meeting..

Alan Cox alan at redhat.com
Tue Mar 18 10:30:56 UTC 2008


On Tue, Mar 18, 2008 at 09:16:12AM +0100, Tomas Mraz wrote:
> Nope, bad analogy. Having sshd open by default is to ship the car with
> remote keys enabled by default vs. giving the driver remote keys but
> request him to add a fuse to the fuse box if he wants to switch on the
> receiver.

Firstly this is untrue. The usual access is the console. Secondly the
configuration is not a fuse box; it's far simpler and graphical.

Almost the first rule of security is "deny everything"  [Certain presidents
misunderstood the context ;)]. If a user cannot use ssh they will then rectify
the setting, if they can use it but do not need it they will not notice.

Nor is this an idle consideration. My external boxes with ssh ports regularly
get dictionary attacks, and those *will* break into some systems
with poorer passwords eventually.

So quite simply we should ship sshd firewalled. At the most extreme end we
should ship sshd off and instead return an immediate error string saying
sshd disabled, but audit that code very very carefully!



