Mailinglist Archive: opensuse-factory (626 mails)
| < Previous | Next > |
Re: [opensuse-factory] request for comments: disable ssh daemon by default
- From: Per Jessen <per@xxxxxxxxxxxx>
- Date: Fri, 28 Mar 2008 18:10:43 +0100
- Message-id: <fsj8qk$211$1@xxxxxxxxxxxxxxxx>
Druid wrote:
Doesn't seem to have been much of a problem in the last few years, has
it? Also, ssh only becomes vulnerable to an attack when you open the
port in the firewall. Even then there is probably still a rate-check
to stop brute force attacks.
If that argument was correct, we should let the user run the
init-sequence manually.
No, I don't. I just don't think it's good idea to change the current
setup when the change doesn't bring about an improvement.
You're not listening. I'm NOT advocating any change. You're the one
who wants a change.
/Per Jessen, Zürich
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
On Fri, Mar 28, 2008 at 1:37 PM, Per Jessen <per@xxxxxxxxxxxx> wrote:
Druid wrote:
> Having thought a litle more about it, I definitely vote yes -
> that change would have only negligible effect for any
> server-install users, whereas it would not create additional work
> for desktop-only/mostly newbies with a better default setting.
What exactly is "better" about not starting sshd by default?
Erm, the same thing that is better not having any remote service
opened by default? The fact that it could have a vulnerability that
could lead to a successful attack?
Doesn't seem to have been much of a problem in the last few years, has
it? Also, ssh only becomes vulnerable to an attack when you open the
port in the firewall. Even then there is probably still a rate-check
to stop brute force attacks.
Its pretty clear why not having a service running by default
(specially those offering it to the outside world) is better than the
opposite, if you dont see that possibly you just don't want to see.
If that argument was correct, we should let the user run the
init-sequence manually.
Now you want to convince everyone that everybody ssh to their own
boxes running sshd all the time,
No, I don't. I just don't think it's good idea to change the current
setup when the change doesn't bring about an improvement.
and that this is the default usecase around the planet, just because
you dont want to run "insserv sshd" once, and additionally its better
to change the Earth's rotation instead of you typing those 13
keystrokes (including the enter) so you activate your sshd.
You're not listening. I'm NOT advocating any change. You're the one
who wants a change.
/Per Jessen, Zürich
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |