> On Mon, 2005-01-10 at 12:32 -0500, Jeff Spaleta wrote: >> Maybe its only reasonable to protect ssh by default? [...] >> I'm fine with incremental changes that turn this on for only >> ssh by default if this is the most reasonable compromise. >> > > Off the top of my head, the only service where I immediately *want* to > turn it on is SSH. However, running through other services in my head > (FTP, SMTP, POP/IMAP, NTP, DNS, DHCP, HTTP, and databases primarily), I > cannot think of any other services where this would be a good thing. > > So I would say, only SSH. > Agreed. But maybe it should be turned off by default (not only firewalled)? Those who want to use it, surely can type "chkconfig ssh on" or click the little box in system-config-services?