> -----Original Message-----
> From: [email protected]
> Sent: Fri, 31 Jan 2014 17:55:51 +0400
> To: [email protected]
> Subject: Live CD default sshd install allowed root privileges to be
> gained
>
> <snip>
> The break in was caused by the fact that Debian's Live CD installed and
> enabled SSH server to run (with PermitRootLogin enabled) without telling
> me about it - I don't need an SSH server at home and would never run it
> in this way with an easy to guess root password, which was simply root,
> because I would never use the root account for logging in via network
> and would definitely harden SSH configuration with AllowUsers, public
> keys, firewall etc. I did install & enable a permissive iptables
> firewall ("deny by default"), but a day or two after the break-in, long
> before I detected the intrusion and what caused it.
>
The problem appears to all come down to the poor choice of using root as the root password.

If you are arguing for a change in behavior/action then you should state what change you desire and present an argument for such change. As far as I know upstream ships with rootlogin enabled, and the Debian maintainers have considered the issue and left it as is.

What exactly are you wanting in regards to this issue?
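
The settings named in the quoted message (PermitRootLogin, AllowUsers, public keys instead of passwords) can be checked mechanically in an sshd_config file. The following is an added example, not part of either message in this thread; the two sample configs are constructed, and it assumes only global settings matter (Match blocks are ignored).

```python
# Added example: audit sshd_config text for the settings discussed in this thread.
# Both sample configs are constructed for illustration.

WEAK = """\
# constructed sample: root may log in with a password
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED = """\
# constructed sample: key-only logins for one named user
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice
"""


def parse_global(text):
    """Return global sshd_config keywords (lowercased) mapped to their value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # assumption: conditional blocks are skipped
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)  # the first obtained value is the one used
    return settings


def audit(text):
    """List findings for root login, password auth and the user allow-list."""
    cfg = parse_global(text)
    findings = []
    root = cfg.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin unset: depends on the build default")
    elif root.lower() == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password")
    if cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication enabled: guessable passwords work")
    if "allowusers" not in cfg:
        findings.append("AllowUsers unset: every account may attempt login")
    return findings
```

On a running system, `sshd -T` prints the effective configuration, which covers included files and defaults that a file-only check like this one cannot see.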
