Marco Peereboom wrote:
And they got it all wrong. It is all for the perceived sense of
security. Not being able to login over ssh right after install sucks.
I am that guy that ends up enabling it on all other boxes that use a
different default.
The machine I install and then deploy to be hostile network connected
gets some extra love in that department; however, crippling every box by
default for no gain is counterproductive.

maybe if people actually READ THE ARCHIVES, they'd be better informed. i
wish this mailing list had
PermitStupidEmails No
as the default.
i really fail to see how this setting does anything other than make mgmt
types worry because they don't really understand security.

On Thu, Jul 10, 2008 at 01:38:22PM -0400, Brian A. Seklecki wrote:
On Thu, 10 Jul 2008, Marco Peereboom wrote:
Of course it is enabled by default. Why do I want a box that is
freshly installed and unreachable?

No -- I just find that most of afterboot(8) can be done from the console;
even serial console, at first boot, configure the network, add a non-root
user, add them to wheel, enable sshd.
I guess I'm just having trouble imagining the situation where you have
console access, but need to do basic post-install configuration via the
network, as root, remotely.
Even with CF/Embedded, you ship out master.passwd prepopulated.
And this is likely the rationale why the rest of the projects changed it.
~~BAS

On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote:
Am I reading this right?
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80&content-type=text/x-cvsweb-markup
I don't have a fresh install anywhere -- but I want to say that it doesn't
default to PermitRootLogin yes after the install.
I remember that I filed PRs with FreeBSD/NetBSD a few years ago to get this
changed, but Redhat Support is giving some noise about:
"Well the source vendor doesn't disable it by default ..."
~BAS