Adam Jackson wrote:
On Tue, 2007-03-20 at 10:11 +0100, Alexander Boström wrote:
People don't use good passwords and they don't realize that their
password can be used remotely. Giving millions of people an sshd they
don't know or care about is a recipe for zombie machines and bad
security reputation.
So I think you mean "disable password auth by default".
That would probably be the ideal solution, security-wise, to this
problem. However, since we're talking about the default configuration
here, I feel this would make it "too hard" to get sshd set up initally.
If we disable password auth completely, we would have to manually put
public keys in place via USB keys or something. That's too much work.
Lets settle for a default configuration with a good balance between
usability and security. Like perhaps disabling root login or something.
Just my thoughts.
/Thomas
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
