Summary of password strength discussion
bnocera at redhat.com
Thu Jul 30 12:30:25 UTC 2015
----- Original Message -----
> On Wed, Jul 29, 2015 at 06:14:10AM -0400, Bastien Nocera wrote:
> > ----- Original Message -----
> > > On Mon, Jul 27, 2015 at 03:27:03PM -0600, Chris Murphy wrote:
> > > > Firewalld needs to be easier to inform what networks are trusted, so
> > > > that when I go to a cafe it automatically blocks (or drops) requests
> > > > to ports 22, 445, 2049, etc. By default. Without asking me. Just do it
> > > > because I have no good reason having those available when I'm in a
> > > > cafe. And if I do, I'll trust the network.
> > >
> > > Here, we definitely agree.
> > Firewalld is as good as unused in Workstation. If you want ssh to run
> > per-network (as media, and file sharing do already), we can certainly do
> > that.
> sshd_config uses ListenAddress as opposed to allowing interface
> declarations. Would per-network be workable for wireless that way?
> Or would this mean multiple sshd_config files and running multiple
> instances of sshd?
No, we'd just stop ssh when on non-authorised networks. That's also what
we do for UPnP/DLNA, screen sharing, etc.
More information about the desktop