On Thu, 10 Jul 2008, Jacob Yocom-Piatt wrote:
maybe if people actually READ THE ARCHIVES, they'd be better informed. i wish
this mailing list had
I didn't want to rehash it all again. Everyone knows the issues.
However, with respect to the right to disagree, if Marco's and Darrin's
belief is that remote-network-postinstall configuration is the standing
reason, then I consider myself in disagreement.
Also, I think there is a false premise to the argument by Marco and Jacob
that disabling remote root login by default does not provide real
security, only a false illusion.
That sounds like a slippery slope. We all know that security is a
process.
There is a security risk / attack vector here, however remote: without
password quality and failed-login tarpit/delay mechanisms, a remote root
password is subject to brute force.
Plus, hypothetically, how strong is a temporary root password going to be?
It's not going to be the one that you use in production, so likely you're
going to recycle the same one after every install.
- Yes qualified administrators filter sshd(8) w/ pf(4)
- Yes qualified administrators choose strong passwords
- Yes qualified administrators disable PermitRootLogin afterboot
- Yes qualified administrators always use sudo(8) and never use
root shells
I propose, as a compromise, wrapping PermitRootLogin around a Match
statement, limited to the default local subnet gleaned during the install
network config (no "LocalSubnets" macro exists in sshd_config(5), afaik,
but that would be best)
It's just the right thing to do; and we should be leading by example.
Either way, it's a healthy discussion worth having.
~~BAS
PermitStupidEmails No
as the default.
i really fail to see how this setting does anything other than make mgmt
types worry because they don't really understand security.
On Thu, Jul 10, 2008 at 01:38:22PM -0400, Brian A. Seklecki wrote:
On Thu, 10 Jul 2008, Marco Peereboom wrote:
Of course it is enabled by default. Why do I want a box that is
freshly installed and unreachable?
No -- I just find that most of afterboot(8) can be done from the console;
even serial console, at first boot, configure the network, add a non-root
user, add them to wheel, enable sshd.
I guess I'm just having trouble imagining the situation where you have
console access, but need to do basic post-install configuration via the
network, as root, remotely.
Even with CF/Embedded, you ship out master.passwd prepopulated.
And this is likely the rationale why the rest of the projects changed it.
~~BAS
On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote:
Am I reading this right?
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80&content-type=text/x-cvsweb-markup
I don't have a fresh install anywhere -- but I want to say that it doesn't
default to PermitRootLogin yes after the install.
I remember that I filed PRs with FreeBSD/NetBSD a few years ago to get
this changed, but Redhat Support is giving some noise about:
"Well the source vendor doesn't disable it by default ..."
~BAS
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
"Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?"
~Maynard James Keenan
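
Added example, not part of any message in this thread and not OpenBSD installer code: a sketch of the compromise proposed above, deriving the local subnet from an install-time IPv4 address and netmask and emitting a Match block that re-enables root login only for that subnet. The function names and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, IPv4 only.

# network_of IP NETMASK -> network address, e.g. 192.168.10.0
network_of() {
    ip=$1 mask=$2
    old_ifs=$IFS; IFS=.
    set -- $ip $mask            # split both dotted quads into $1..$8
    IFS=$old_ifs
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# prefix_len NETMASK -> CIDR prefix length; fails on a non-contiguous mask
prefix_len() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    bits=0 ones_ended=0
    for octet in "$@"; do
        if [ "$ones_ended" = 1 ] && [ "$octet" != 0 ]; then return 1; fi
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        if [ "$n" -lt 8 ]; then ones_ended=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# root_login_match IP NETMASK -> sshd_config lines. The global "no" must
# precede the Match block, and the Match block must come last in the file
# because it stays in effect until the next Match line or end of file.
root_login_match() {
    net=$(network_of "$1" "$2") || return 1
    len=$(prefix_len "$2") || return 1
    printf 'PermitRootLogin no\nMatch Address %s/%s\n    PermitRootLogin yes\n' \
        "$net" "$len"
}

# Constructed sample values standing in for the installer's network answers.
root_login_match 192.168.10.37 255.255.255.0
```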