Dear Roman,

As the person who first made the suggestion and unwittingly released the advocacy hounds, my main concern is that people should not be starting network services by mistake. So I would accept START_SSHD=no as a compromise.

I think a good general rule of usability design is that software defaults should 'do the right thing' for the unsophisticated user, and that this rule is especially true where security is concerned. Sophisticated users should know enough to be able to change the defaults.

In my job I have to administer many computer systems at work, but I also have to advise people who use Linux at home. I want these people to be able to experience the good things of Linux without me worrying about whether they have enabled security precautions.

Perhaps a solution to this and other problems is a better selection of pre-packaged security configurations. We have 'easy', 'secure' and 'paranoid', but a typical home computer user should be paranoid about network services yet relaxed about internal security. They definitely don't want sshd etc. but can be quite happy to run setuid games and have world-readable logs etc.

This message has turned out longer than I intended...hope it doesn't contain any trolls.

Bob

P.S. This probably warrants a separate message, but the openssh security advisory seems to be missing from your web site. I upgraded a system to 7.0 just before Christmas and thought I applied all the security advisories, but later discovered I had missed one.

On Sat, 6 Jan 2001, Roman Drahtmueller wrote:
Perhaps SuSE could set up an advocacy list so this doesn't clutter up the security list?
I'll forward it to the right people.
As far as SSH packaging goes is there any reason to NOT split it up to client and server? It makes sense to me. Is there any compelling reason to NOT split it up?
I need a reason _for_ it in the first place. How about START_SSHD=no in /etc/rc.config, or rm /sbin/init.d/sshd /usr/sbin/sshd* /sbin/rcsshd ?
The secure shell daemon is run at boot time by default intentionally. Reason: ssh is the only way to access a freshly installed machine remotely. We find that this makes sense.
Kurt Seifried, seifried@securityportal.com
SecurityPortal - your focal point for security on the 'net
Thanks,
Roman.
--
Roman Drahtmüller <draht@suse.de>
SuSE GmbH - Security
Nürnberg, Germany
Phone: +49-911-740530
"Caution: Cape does not enable user to fly." (Batman Costume warning label)
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
==============================================================
Bob Vickers R.Vickers@dcs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691