** James Courtier-Dutton <james.dutton@???> [2007-04-25 16:47]:
> On 24/04/07, Brian Chivers <brian@???> wrote:
> >
> >Never asked me but I did only install the base system.
>
> I just wished the default install of sshd only permitted pub/private
> keys and ssh2.
> Allowing ssh1 and username/password auth as a default install seems
> rather security broken to me.
** end quote [James Courtier-Dutton]
I'd disagree here, well half disagree. I'd go along with dropping ssh1,
but I wouldn't go for dropping username/password auth on installation.
Setting up pub/private keys should be part of the server admin's setup
process, but it may well be necessary to log in remotely during the
installation and setup with a username/password to do this. I wouldn't
expect the machine to be anywhere where this sort of login is likely to
be a major security risk until it is fully configured and ready for
prime time. On the other hand, disabling root login by default should be
standard - you always create a user account during install.
--
Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/
====================================================================
Aptanet Ltd. | Registered in England | Company No: 4905028
Registered Office:
Crawford House, Hambledon Road, Denmead, Waterlooville, Hants., PO7 6NU
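
The three settings debated in this thread (ssh1, password auth, root login) can be checked mechanically. The following is an added example, not part of the original messages: a small auditor for the global section of an sshd_config. The function names, the `keys_deployed` flag and the sample configs are constructed for illustration, and the fallback defaults are an assumption about upstream OpenSSH of that period.

```python
import re

# Assumption: upstream OpenSSH defaults of the period when a keyword is absent.
ASSUMED_DEFAULTS = {"protocol": "2,1", "passwordauthentication": "yes",
                    "permitrootlogin": "yes"}

def effective_settings(config_text):
    """Return the global value of each audited keyword.
    sshd uses the first value it obtains for a keyword, so later repeats are ignored."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional blocks follow; the global section ends here
        if keyword in ASSUMED_DEFAULTS and keyword not in seen:
            seen[keyword] = value
    return {**ASSUMED_DEFAULTS, **seen}

def audit(config_text, keys_deployed):
    """List findings for the three settings discussed in the thread.
    Password auth is only flagged once keys are in place (staged setup)."""
    s = effective_settings(config_text)
    findings = []
    if "1" in s["protocol"].split(","):
        findings.append("ssh1 enabled: set 'Protocol 2'")
    if s["permitrootlogin"] == "yes":
        findings.append("root login allowed: set 'PermitRootLogin no'")
    if s["passwordauthentication"] == "yes" and keys_deployed:
        findings.append("keys are deployed: set 'PasswordAuthentication no'")
    return findings

# Constructed sample configs, not taken from any real installation.
FRESH_INSTALL = "# constructed example\nProtocol 2,1\nPermitRootLogin yes\n"
HARDENED = ("Protocol 2\nPermitRootLogin no\nPasswordAuthentication no\n"
            "# the repeat below is ignored: first occurrence wins\n"
            "passwordauthentication yes\n")

if __name__ == "__main__":
    for name, cfg, keys in [("fresh", FRESH_INSTALL, False),
                            ("hardened", HARDENED, True)]:
        print(name, audit(cfg, keys) or "ok")
```

Settings inside `Match` blocks are deliberately not evaluated; the check covers only what applies to every connection.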