-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jul 12, 2016 at 10:41:33AM -0300, Henrique de Moraes Holschuh wrote:
> On Tue, 12 Jul 2016, mwnx wrote:
> > Currently, after installing openssh-server, anyone can gain access
> > to any user's account on the system using only the corresponding
> > user's password. As we know, people do not necessarily use the most
> > secure of passwords. This will especially be the case if the user
> > does not expect his computer to be accessible in any way from the
> > outside.
>
> Well, arguably, we could restrict ssh to key-based access by default
> (which has a side effect of not allowing anyone in until keys are
> deployed), or at least ask about it.
>
> We could have it behave differently when installed from within
> debian-installer (where it is used to complete the installation
> remotely, and needs to be password-based).
>
> Feel free to file a *wishlist* bug about it against the openssh-server
> package, it would be a much better place to discuss its defaults.
Ultimately you are right, of course: but as I understood, mwnx was looking for input, and quite a few valid points have been made. Changing the default right away seems too simplistic and would put many users in the rain. Some more thinking is needed, I guess.

Me, I just wanted to avoid the OP being driven away by all too dismissive reactions. (S)he has a point, although perhaps the solution is a bit difficult.

regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAleE9ssACgkQBcgs9XrR2kbssQCfRq9oMcVfP4ey/62XhsPYNxyQ
ma0An2z6Rx5Smc2KyDmE6XvKepImIh78
=z/Vo
-----END PGP SIGNATURE-----
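The default the quoted reply is weighing (password logins accepted on a fresh openssh-server install) is decided by the PasswordAuthentication keyword in sshd_config. The following POSIX shell check is an added example, not part of this thread and not code from the Debian openssh packaging; it shows the stock-like configuration next to a key-only one and reports which setting sshd would actually apply. It assumes the config is handed over as text, in "Keyword value" form, and it deliberately does not follow Include directives or read past the first Match block. All four sample configurations are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report whether an sshd_config
# still permits password logins, the default under discussion above.
#
# Two sshd_config(5) rules drive the logic:
#   1. A keyword that never appears takes its compiled-in default;
#      for PasswordAuthentication that default is "yes".
#   2. When a keyword appears more than once, the FIRST value wins,
#      so appending "PasswordAuthentication no" to a file that already
#      says "yes" higher up changes nothing.
#
# Assumptions and limits: the config is passed as text in $1, in
# "Keyword value" form (no "=" separator); Include directives are not
# followed; reading stops at the first Match block, because values set
# there apply only conditionally.

effective_password_auth() {
    printf '%s\n' "$1" | awk '
        # Only the global section counts; stop at the first Match block.
        tolower($1) == "match" { exit }
        # Skip blank lines and comments (a commented-out keyword sets nothing).
        NF == 0 || substr($1, 1, 1) == "#" { next }
        tolower($1) == "passwordauthentication" && !seen {
            seen = 1
            value = tolower($2)
            gsub(/"/, "", value)   # arguments may be double-quoted
        }
        END { print (seen ? value : "yes") }
    '
}

# Constructed sample resembling a stock file: the keyword is present only
# as a comment, so the built-in default ("yes") applies.
STOCK_CFG='#PasswordAuthentication yes
KbdInteractiveAuthentication no
UsePAM yes'

# Constructed sample hardened for key-based access only. Keyboard-interactive
# must be off as well, otherwise PAM can still prompt for the password.
HARDENED_CFG='PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
UsePAM yes'

# Constructed sample of a common mistake: "no" was appended at the bottom,
# but the earlier "yes" is the value sshd honours.
APPENDED_CFG='PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no'

# Constructed sample: passwords disabled globally, re-enabled only for one
# network (the Match block is outside what this check reports).
MATCH_CFG='PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes'

for name in STOCK_CFG HARDENED_CFG APPENDED_CFG MATCH_CFG; do
    eval "cfg=\$$name"
    printf '%-13s global PasswordAuthentication = %s\n' \
        "$name" "$(effective_password_auth "$cfg")"
done
```

To audit a real host, pass the file contents (`effective_password_auth "$(cat /etc/ssh/sshd_config)"`); for the authoritative answer, including everything pulled in by Include, run `sshd -T` on the server and read the `passwordauthentication` line it prints.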