Le Mar 20 mars 2007 10:42, Thomas M Steenholdt a écrit : > Nicolas Mailhot wrote: >> >> Disabling ssh is not a good solution, many people need it. However the >> default fedora ssh setup is woefully insecure >> >> At least ssh rate-limiting should be in the default firewall install. >> Pam_abl would be even better (for other network services) >> > > Blacklisting opens the potential for denial-of-service attacks. I'm not > too familiar with the pam_abl implementation, You have per-source-host and per-target-user tuneables > but we should at least be > very cautious if we choose to include and enable such features by default. Sure. But sitting on the problem won't solve it. -- Nicolas Mailhot -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
