Mailinglist Archive: opensuse (2525 mails)

Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Fri, 20 Nov 2009 20:17:57 +0100
  • Message-id: <he6q15$poo$2@xxxxxxxxxxxxxxxx>
Lars Müller wrote:

> On Fri, Nov 20, 2009 at 09:19:28AM -0800, John Andersen wrote:
>> On 11/20/2009 8:31 AM, Lars Müller wrote:
>>> There is no good reason why Joe Doe needs the service ssh enabled.
>>
>> I thought that was a particularly arrogant statement.
>
> Arrogant? A user new to Linux doesn't need ssh access to a local box.

Correct, but somebody else might. His mum, the local admin for instance.

> Cause the majority of users don't even know what ssh is. And it is
> very likely that they even don't want to know it. ;)
>
> The Joe Doe I have in mind is a person new to Linux, needing a text
> processing system and a web browser. Firefox and OpenOffice is all
> they need.

Lars, those arguments just don't work. Using that, we might as well
also disable apparmor, avahi, the virtual consoles and postfix. Are you
(or someone else) planning that for 11.3? Why were e.g. avahi and
apparmor even added when they are of no visible benefit to John Doe,
the new user?


Guys, I can hear lots of defensive footwork going on here, but no-one
has really been able to answer my questions in a satisfactory,
convincing manner - just as they couldn't in March last year. Arguments
I have heard so far:

1) sshd is a risk.

What risk? - port 22 is protected by the firewall.

2) sshd is not needed by J. Doe, the new Linux user.

Well, why have we been running sshd by default since 6.x then? If this
is the _real_ argument, I expect openSUSE to become increasingly
disabled - surely John Doe doesn't need cron nor syslog?

3) not starting sshd speeds up the boot-up.

Dominique, that was you grasping at straws, I think.


/Per

--
Per Jessen, Zürich (7.2°C)
