Hi,

On 12/11/13 21:28, Peter Simons wrote:

> > Running sshd without port 22 open doesn't make much sense.
> 
> Well, I know at least one person who has a locally running SSH daemon
> for no reason other than being able to use "ssh root@localhost" as a
> fancy replacement for sudo. For that use case, it's not necessary (nor
> desirable) to have the firewall enable access from the outside world.

Yes, there is always some crazy exception :-)

> Personally, I would argue that no service should open up ports in the
> firewall, ever. Only the administrator should do that.

Well, only the administrator can enable the sshd service, anyway.  The question
is whether it's reasonable to expect that enabling sshd also opens port 22.

Also, I've been wanting to enable the firewall by default in NixOS for a while
(https://github.com/NixOS/nixos/issues/55) and disabling port 22 would lock out
people who have sshd enabled without having port 22 opened explicitly in their
configuration.nix.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
_______________________________________________
nix-dev mailing list
http://lists.science.uu.nl/mailman/listinfo/nix-dev