Ad: [opensuse-factory] request for comments: disable ssh daemon by default
2008/3/28, Marcus Meissner
Hi,
We are thinking about disabling the ssh daemon by default.
Reason is that it most desktop users do not use it all and it is just taking away memory for those, and also presenting an attack surface once the firewall is disabled.
Also its is blocked by the firewall from remote by default.
Reenabling it would be as simble as:
insserv sshd rcsshd start
We are still undecided whether to do so or not.
Ciao, Marcus -- Working, but not speaking, for the following german company: SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Please , do not change this. In engineering environments ssh is used all the time. In our company it's essential in several manners. We use it for user/server support, remote login, fish:// files from other machines and we also use the NX desktop solution extensively. So , please. Do not change this for the sake of a few newbies. It does not bother them that it is there, but it certainly would bother us if it's not there. Kind Regards Birger Kollstrand Devoteam Telecom AS --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
I think its a valid argument that most users of desktop systems do not
use this feature, and I do agree it does pose a minimal security
threat especially with the poor passwords most users select (but if
you are worried about the RAM that SSHd takes up then your system
doesn't have enough RAM :)
How about for default KDE/Gnome install it is disabled but if you
select the "servers" option in setup it is enabled?
Or why not make it just like the firewall setting (which I never
use... always disable) it just lets the user pick if they want SSHd
running or not.
On Fri, Mar 28, 2008 at 1:23 PM,
2008/3/28, Marcus Meissner
: Hi,
We are thinking about disabling the ssh daemon by default.
Reason is that it most desktop users do not use it all and it is just taking away memory for those, and also presenting an attack surface once the firewall is disabled.
Also its is blocked by the firewall from remote by default.
Reenabling it would be as simble as:
insserv sshd rcsshd start
We are still undecided whether to do so or not.
Ciao, Marcus -- Working, but not speaking, for the following german company: SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Please , do not change this.
In engineering environments ssh is used all the time. In our company it's essential in several manners. We use it for user/server support, remote login, fish:// files from other machines and we also use the NX desktop solution extensively.
So , please. Do not change this for the sake of a few newbies. It does not bother them that it is there, but it certainly would bother us if it's not there.
Kind Regards
Birger Kollstrand Devoteam Telecom AS --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Marcus Meissner:
We are thinking about disabling the ssh daemon by default.
Votes++. Good basic policy.
Reason is that it most desktop users do not use it all
Right. Plus using it involves a bit more than just the server sitting there anyway. None of which too demanding for people who need ssh.
and it is just taking away memory for those, and also
It's not exactly a memory hog. Birger Kollstrand:
In engineering environments ssh is used all the time. In our company it's essential in several manners. We use it for user/server support, remote login, fish:// files from other machines and we also use the NX desktop solution extensively.
Marcus' proposition is merely to disable the default startup. To disable services that are not needed by everyone is just good common practice. Starting the service is a couple of clicks or lines away. Wolfgang --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Wolfgang Woehl wrote:
Marcus' proposition is merely to disable the default startup. To disable services that are not needed by everyone is just good common practice.
It might be a good common practice, but only we define who "everyone" is. And whether openSUSE is primarily aimed at that group or not. /Per Jessen, Zürich --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (4)
-
Andreas van dem Helge
-
birger.kollstrand@googlemail.com
-
Per Jessen
-
Wolfgang Woehl