Date: Sun, 10 Dec 2000 05:31:40 -0500 From: Donn Miller <dmmiller@cvzoom.net> To: Dag-Erling Smorgrav <des@ofug.org> Cc: rsowders@usgs.gov, Kal Torak <kaltorak@quake.com.au>, FreeBSD-stable <freebsd-stable@FreeBSD.ORG>, owner-freebsd-stable@FreeBSD.ORG Subject: Re: ssh port broken? Message-ID: <3A335B8C.512F8D71@cvzoom.net> References: <OF2316D389.6746EED1-ON882569B1.0025594A@er.usgs.gov> <xzpn1e41sv7.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smorgrav wrote: > n recent FreeBSD releases, sshd is enabled by default. This is not good. All services should be disabled out of the box. IMO, there should be a prompt on install asking the installer if (s)he would like sshd enabled. Also, portmap, inetd, and sendmail should be set to "NO", unless the user specifically asks for it (at least in /etc/defaults/rc.conf anyways). Of course, almost all server admins would want at least one of these running. I think ALL network services should be disabled, and leave it up to the sysadmin to enable what he needs after the install has been complete. Just my 2 cts (although no one asked me). When I re-installed 4.2, I noticed sshd was enabled by default. I definitely didn't want sshd running. Although it's possible to disable these daemons post-install, I think *additive* rather than *subtractive* configuring of network daemons is the safest bet. I'm going to draw some flames in this one, for sure. - Donn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A335B8C.512F8D71>