Hi Bob... 1) I do not think ssh is such an insecure service to be worried about the fact that it's installed by default. 2) anyone who is a little bit interested in his/her system will/should at least once check the settings in /etc/rc.config. The various START_* variables are really quite easy to understand (even for a novice) so all you have to do is set the value to "no" for all services that you dont know/need. A little reading in your handbook will give you enough info to make the right decision. The real problem nowadays is that most people dont want to be bothered reading anything anymore :-) At 12:36 04.01.01 +0000, you wrote:
Hello,
I have 2 suggestions that I believe will increase both security and usability:
(1) split the ssh packages into client and server parts
Uh I think I wouldn't like that. If SuSE starts doing that with all client/server stuff I will switch distro :-)
(2) have an ssh client installed as default
It is absurd that someone who installs an ssh client should find themselves running an ssh server. I would like to see most desktops in the world running an ssh client, but only a tiny minority should be running ssh servers.
The current situation could lead to people who have installed ssh so that they can access remote servers securely finding their home computers have been compromised because they unknowingly run an ssh service.
Ssh is not _that_ easy to compromise (if I compare it to telnet for instance) so if we are talking security I'd rather have a few services disabled in /etc/inetd.conf
The second suggestion is just to make my life easier...part of my job is to explain to people how to install ssh clients on their home machine, and the less they have to do the better.
rpm -ql ssh will tell you what files are installed, /etc/ssh* will be sufficient to configure the package for your needs and /etc/rc.config needs START_SSHD=no. Thats pretty much it as far as manual intervention goes and with that everyone can use ssh clients and no server is running.
Happy new year, Bob
Happy new year to you as well! Erwin Erwin Zierler | Web-/Hostmaster - Stubainet | Email: Erwin.Zierler@stubainet.at / webmaster@stubainet.at | Tel.: 05225 - 64325 Fax 99 Mobil: 0664 - 130 67 91