please deactivate services by default!
Horst H. von Brand
vonbrand at inf.utfsm.cl
Thu Sep 25 21:48:12 UTC 2008
Chris Adams <cmadams at hiwaay.net> wrote:
[...]
> I always thought it was odd that some things (e.g. telnet) block root
> logins but others (e.g. ssh) don't. I can telnet in and then su and the
> password is just as much in the clear as it would have been with
> straight root-login-telnet.
telnet needs to go. I haven't installed the daemon for ages, and for some
time before had it disabled. The client comes handy to check out text-based
protocols, though. But perhaps netcat is a replacement here...
ssh is a different beast, the connection is encrypted.
> Either all should allow or all should block
> (I personally block), except for directly attached consoles (so root can
> get in when all else is broken).
> Maybe sshd could be configured as "PermitRootLogin without-password",
> which would require someone to configure keys (but not reconfigure sshd)
> before root ssh could be used.
Not for me, please.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria +56 32 2654239
Casilla 110-V, Valparaiso, Chile 2340000 Fax: +56 32 2797513
More information about the devel
mailing list