git: SSHD - Change default security

Matthew Dillon dillon at apollo.backplane.com
Sun Nov 15 12:38:20 PST 2009


    I think this is our chance to get people to think more seriously
    about security in a world where plain-text password access has been
    under serious attack for the last 20 years now, and getting more
    serious every day.  Passwords for shell access (via ssh) are dead in
    the modern world.  It is just too dangerous in my view.

    This doesn't affect workstation or console logins or su, only incoming
    ssh connections.  And this only affects new installs, not upgrades.

    If a user installing a new system wants to use a password for incoming
    ssh access they have to enable it for ssh in /etc/ssh/sshd_config...
    that really is not any more complicated than users who wanted to enable
    incoming root access via ssh and also had to (previously) edit
    /etc/ssh/sshd_config.  Now both cases are uniform.  Sshd by default
    allows you to use public keys but not passwords on new installs.
    Simple.

    Hmm.  Do users still have to generate the host keys or does our
    installer do that now?

    I personally believe that installing a ssh key by pulling it over a
    network, e.g. with 'fetch', is just as easy as installing a password.
    The network has to be operational to access the machine remotely
    anyway so...  Not only that, but we already have remote configuration
    tools (rconfig) which can be used to grant initial remote access by
    installing appropriate keys.

    OPIE would be a cool thing to have, I won't stop anyone who wants to
    make that work.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>
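
The default described in this message (public keys accepted, passwords refused for incoming ssh) can be checked against an installed /etc/ssh/sshd_config. The script below is an added example, not part of the original post or of DragonFly's tooling; its function names and sample config are constructed, and it assumes upstream OpenSSH parsing rules (first value for a keyword wins, unset PasswordAuthentication means "yes").

```sh
#!/bin/sh
# Added example: does an sshd_config allow key logins but refuse passwords?
# Assumptions: upstream OpenSSH parsing (first value for a keyword wins,
# keywords are case-insensitive); Include files are not followed.

# Shared awk prologue: skip comments/blank lines, split "Key value" or "Key=value".
PARSE='/^[ \t]*#/ || /^[ \t]*$/ { next }
{ line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/); key = tolower(f[1]) }'

# Print the global (pre-Match) value of keyword $1 in file $2, or "unset".
effective() {
    awk -v want="$1" "$PARSE"'
        BEGIN { want = tolower(want); val = "unset" }
        key == "match" { exit }
        key == want && !seen { val = tolower(f[2]); seen = 1 }
        END { print val }' "$2"
}

# Print Match-block lines that switch password logins back on.
match_overrides() {
    awk "$PARSE"'
        key == "match" { in_match = 1; next }
        in_match && key == "passwordauthentication" && tolower(f[2]) == "yes" {
            print NR ": " line }' "$1"
}

# Succeed only if passwords are explicitly off (globally and in every Match
# block) and public-key authentication has not been disabled.
key_only() {
    [ "$(effective PasswordAuthentication "$1")" = "no" ] || return 1
    [ "$(effective PubkeyAuthentication "$1")" != "no" ] || return 1
    [ -z "$(match_overrides "$1")" ]
}

# Constructed sample config, not taken from any real system.
demo() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
PermitRootLogin no
passwordauthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
EOF
    for k in PasswordAuthentication PubkeyAuthentication PermitRootLogin; do
        echo "$k: $(effective "$k" "$cfg")"; done
    key_only "$cfg" && echo "key-only: yes" || echo "key-only: no"
    rm -f "$cfg"
}
demo
```

On a real host, call `key_only /etc/ssh/sshd_config`; the second PasswordAuthentication line in the sample is ignored because the first one already set the value.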




