DragonFly BSD
DragonFly kernel List (threaded) for 2004-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: ideas 2

From: David Rhodus <sdrhodus@xxxxxxxxx>
Date: Wed, 28 Jul 2004 14:35:19 -0400

>     I've considered changing the PermitRootLogin to 'without-password'
>     by default.  For the CD boot we could safely set it to 'yes' by
>     default, because sshd will not accept an empty password... then a
>     person would only need to set a password on the root account and they
>     could login via sshd.
>                                         -Matt

I would worry about having the 'without-password' turned on by
default, even for the CD because of the possibility of bug getting
into the release building process which could lead to the sshd_config
being copied over to the H/D. I don't think I would be as adverse to
having a small piece of the install program loaded at boot-time and
going into a polling mode which you could remotely attach and perform
a remote install. This would again still need to be limited to the
local subnet but wouldn't directly give out a root prompt. I can still
think of several scenarios were this could be abused, but at least the
person would be limited some-what to the options provided by the
install program.

                                            Steven David Rhodus

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]