Lars Müller wrote:
On Fri, Nov 20, 2009 at 09:19:28AM -0800, John Andersen wrote:
On 11/20/2009 8:31 AM, Lars � wrote:
There is no good reason why Joe Doe needs the service ssh enabled.
I thought that was a particularly arrogant statement.
Arrogant? A user new to Linux doesn't need ssh access to a local box.
Correct, but somebody else might. His mum, the local admin for instance.
Cause the majority of users don't even know what ssh is. And it is very likely that they even don't want to know it. ;)
The Joe Doe I have in mind is a person new to Linux, needing a text processing system and a web browser. Firefox and OpenOffice is all they need.
Lars, those arguments just don't work. Using that, we might as well also disable apparmor, avahi, the virtual consoles and postfix. Are you (or someoneelse) planning that for 11.3? Why was e.g. avahi and apparmor even added when they are of no visible benefit to John Doe, the new user? Guys, I can hear lots of defensive footwork going on here, but no-one has really been able to answer my questions in a satisfactory, convincing manner - just as they couldn't in March last year. Arguments I have heard so far: 1) sshd is a risk. What risk? - port 22 is protected by the firewall. 2) sshd is not needed by J. Doe, the new Linux user. Well, why have we been running sshd by default since 6.x then? If this is the _real_ argument, I expect openSUSE to become increasingly disabled - surely John Doe doesn't need cron nor syslog? 3) not starting sshd speeds up the boot-up. Dominique, that was you grasping at straws, I think. /Per -- Per Jessen, Zürich (7.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org