Erwin, Any service is potentially insecure, and sshd is intrinsically insecure because it is *designed* to let people login to a machine and start a shell. I don't think you are putting yourself in the place of a typical user. We want Linux to be available to everybody, right? We want it to take over from Windows as the operating system of choice for a home user, don't we? I'm afraid we don't stand a chance if we demand that people be 'interested' in their system and wade through fat manuals. A typical user wants to run applications, play games, surf the net, that sort of thing. They are probably not used to the idea of setting a password so will set it to be the same as their name. After all, they trust everyone else in their family. It will never occur to them that by connecting to the internet they enable anyone in the world to login to the computer in their bedroom and start doing damage. You are right that it is easy to look through rc.config and change things. But most users would never think of doing it. In contrast the sort of person who needs to run an ssh server will probably be well-used to that kind of system admin and will be very happy to edit rc.config . Regards, Bob On Thu, 4 Jan 2001, Erwin Zierler - Stubainet wrote:
Hi Bob...
I do not think ssh is such an insecure service to be worried about the fact that it's installed by default.
anyone who is a little bit interested in his/her system will/should at least once check the settings in /etc/rc.config. The various START_* variables are really quite easy to understand (even for a novice) so all you have to do is set the value to "no" for all services that you dont know/need. A little reading in your handbook will give you enough info to make the right decision. The real problem nowadays is that most people dont want to be bothered reading anything anymore :-)
At 12:36 04.01.01 +0000, you wrote:
Hello,
I have 2 suggestions that I believe will increase both security and usability:
(1) split the ssh packages into client and server parts
Uh I think I wouldn't like that. If SuSE starts doing that with all client/server stuff I will switch distro :-)
(2) have an ssh client installed as default
It is absurd that someone who installs an ssh client should find themselves running an ssh server. I would like to see most desktops in the world running an ssh client, but only a tiny minority should be running ssh servers.
The current situation could lead to people who have installed ssh so that they can access remote servers securely finding their home computers have been compromised because they unknowingly run an ssh service.
Ssh is not _that_ easy to compromise (if I compare it to telnet for instance) so if we are talking security I'd rather have a few services disabled in /etc/inetd.conf
The second suggestion is just to make my life easier...part of my job is to explain to people how to install ssh clients on their home machine, and the less they have to do the better.
rpm -ql ssh will tell you what files are installed, /etc/ssh* will be sufficient to configure the package for your needs and /etc/rc.config needs START_SSHD=no. Thats pretty much it as far as manual intervention goes and with that everyone can use ssh clients and no server is running.
Happy new year, Bob
Happy new year to you as well!
Erwin
Erwin Zierler | Web-/Hostmaster - Stubainet | Email: Erwin.Zierler@stubainet.at / webmaster@stubainet.at | Tel.: 05225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
============================================================== Bob Vickers R.Vickers@dcs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691