Erm, the same thing that is better not having any remote service opened by default? The fact that it could have a vulnerability that could lead to a successful attack?
Doesn't seem to have been much of a problem in the last few years, has it? Also, ssh only becomes vulnerable to an attack when you open the port in the firewall. Even then there is probably still a rate-check to stop brute force attacks.
As I've said, it's crystal clear what's better about not having a remote service running. Your use case assumes everyone is behind a firewall; what if they are not? And just because ssh didn't have lots of problems, then we should assume it won't have? It's very silly, that comment. We should look at the services and say "nay, won't try to secure that one, seems it won't need... this one, wow this one I will secure, seems it's a naughty one". If you can open a port in your firewall, you can start ssh. And one of the two remote exploitable bugs in 10 years in OpenBSD was in OpenSSH. But as I've mentioned earlier, this doesn't matter.
It's pretty clear why not having a service running by default (especially those offering it to the outside world) is better than the opposite; if you don't see that, possibly you just don't want to see.
If that argument was correct, we should let the user run the init-sequence manually.
That argument is correct, and doesn't imply what you've just said; it's a matter of logic.
Now you want to convince everyone that everybody ssh to their own boxes running sshd all the time,
No, I don't. I just don't think it's a good idea to change the current setup when the change doesn't bring about an improvement.
It brings an improvement, it was explained more or less 9 times in this thread.
You're not listening. I'm NOT advocating any change. You're the one who wants a change.
Exactly, the n-1 persons who commented in this thread (by n-1 I mean all except you) think it's better practice to turn off the service, as it's a good practice since the internet started. And your argument for that is that OpenSSH doesn't have bugs, which is at least naive. It's silly because one doesn't secure systems based on the amount of "secureness" of the service; you don't assume that, you assume the worst case, which is that the service will eventually have a bug. And besides that, ssh can be exploited without a bug, simply by brute-forcing it... root is enabled to log by default iirc, and you already have a user, all you need is a password now.

Marcio