John Harris wrote:
> Consider this. Our default ssh config, under your firewall config, would allow
> any system on any network your system is connected to to break in.

Only if you have chosen a worthless passphrase. Fedora's default SSHD configuration – on those spins where SSHD is actually installed and enabled by default – does in fact require at least an account passphrase for authentication. If an attacker guesses your passphrase, then it's your weak passphrase that allows them to break in.

(That said, I'd be in favor of tightening the default SSHD configuration to allow only public key authentication, as long as it would still be possible to gain initial access to a freshly installed headless server.)

> If you're
> running local, it's open to any system on a network you're on. If you're
> running postgres, same deal, and so on.

I have no idea what you mean by "running local". As for PostgreSQL, the truth is that by default it listens only on the loopback interface and two Unix domain sockets. It's not accessible from the network at all until you configure it so. Posting easily verifiable falsehoods doesn't help your case.

If you explicitly configure PostgreSQL to listen for external connections, and also configure no authentication, and blindly assume that there is a packet filter in place to keep you safe, then you won't get much sympathy from me.

As for the rest, this exchange has grown too ridiculous to waste any more of my time on.

Björn Persson
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
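Added example, not part of the message above or of any Fedora tooling: one way to check on a given host which TCP services are bound to loopback only and which are bound to an address other hosts can reach, by classifying the output of `ss -Hltn`. The sample output and all function names are constructed for illustration; Unix domain sockets and packet-filter rules are out of scope.

```python
import ipaddress

# Constructed sample of `ss -Hltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      244            [::1]:5432         [::]:*
LISTEN 0      511                *:8080            *:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop a %interface scope first, then the IPv6 brackets.
    addr = addr.split("%")[0].strip("[]")
    return addr, int(port)

def is_loopback_only(addr):
    """True if the bind address cannot be reached from another host."""
    if addr == "*":  # wildcard bind: every local address
        return False
    return ipaddress.ip_address(addr).is_loopback

def classify_listeners(ss_output):
    """Return (loopback, exposed) lists of (address, port) for LISTEN sockets."""
    loopback, exposed = [], []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        (loopback if is_loopback_only(addr) else exposed).append((addr, port))
    return loopback, exposed

def exposed_ports(ss_output):
    """Sorted TCP ports bound to at least one non-loopback address."""
    return sorted({port for _, port in classify_listeners(ss_output)[1]})

if __name__ == "__main__":
    local, remote = classify_listeners(SAMPLE_SS)
    print("loopback only:", local)
    print("bound to a network-reachable address:", remote)
```

On a live system, pass the text of `ss -Hltn` to `classify_listeners` instead of the sample; a port in the exposed list is reachable only as far as the packet filter allows.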