Hi, I recently made an internet gateway by installing two NICs into a computer and installing OpenBSD. I used the default installation, which was easy to do and works very well. The problem is that I was able to log on to the machine as root remotely from the internet side using PuTTY. I do not feel very secure knowing that my root password is the only thing* standing in the way of some hacker having his/her way with my machine. I would like to suggest that this feature be turned off in the default install in future versions of OpenBSD.
I know this is a feature and not a bug, but it could be easily misused and is therefore a security issue.

Thank you,
Randy

*this isn't really true, there is a router with a pretty good firewall between the raw internet and the gateway, but still...
