Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Nicolas Mailhot wrote:


Disabling ssh is not a good solution, many people need it. However the
default fedora ssh setup is woefully insecure

At least ssh rate-limiting should be in the default firewall install.
Pam_abl would be even better (for other network services)
Blacklisting opens the potential for denial-of-service attacks. I'm not too familiar with the pam_abl implementation, but we should at least be very cautious if we choose to include and enable such features by default. 

Same thing goes for rate-limiting.
I'm not saying that either of these are *bad*. I'm saying that for default setups, we need to be very cautious with these things.
A more direct, less intrusive (for some/most) approach would perhaps be to disallow root logins by default?!? 

/Thomas

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux