Date:      Tue, 23 Apr 2002 11:31:04 -0400
From:      utsl@quic.net
To:        Greg 'groggy' Lehey <grog@FreeBSD.org>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID:  <20020423153104.GB19871@quic.net>
In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com>
References:  <rwatson@FreeBSD.ORG> <Pine.NEB.3.96L.1020422223923.64976i-100000@fledge.watson.org> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com>

On Tue, Apr 23, 2002 at 01:16:46PM +0930, Greg 'groggy' Lehey wrote:
> On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote:
> >> That fix relies on the extensive PAM updates in -CURRENT however; in
> >> -STABLE it can probably be similarly replicated via appropriate tweaking
> >> of sshd (?).
> >
> > Why not fix it in stable by the very simple tweaking of the
> > ChallengeResponseAuthentication to no in the sshd config file we ship?
> > Trust me, this question is going to come up a _lot_ for us otherwise. :(
> 
> I've been noticing a continuing trend for more and more "safe"
> configurations the default.  I spent half a day recently trying to
> find why I could no longer open windows on my X display, only to
> discover that somebody had turned off tcp connections by default.

Debian did this, but they put in a message that tells you that when you
install the X server. IIRC, it even tells you what to change, and where.
Of course, that might have been because enough people complained...

As a sysadmin, I do think this is the right default. (I've worked in
environments where people habitually used xhost +) But changing without
telling anyone is extremely annoying.

> I have a problem with this, and as you imply, so will a lot of other
> people.  As a result of this sort of thing, people trying to migrate
> from other systems will probably just give up.  I certainly would
> have.  While it's a laudable aim to have a secure system, you have to
> be able to use it too.  I'd suggest that we do the following:
> 
> 1.  Give the user the choice of these additional features at
>     installation time.  Recommend the procedures, but explain that you
>     need to understand the differences.
> 
> 2.  Document these things very well.  Both this ssh change and the X
>     without TCP change are confusing.  If three core team members were
>     surprised, it's going to surprise the end user a whole lot more.
>     We should at least have had a HEADS UP, and we probably need a
>     security policy document with the distributions.

There is a difference: the ssh change doesn't appear to be useful,
AFAICS. If anything, it misleads the user into thinking ssh is broken.
I'm not sure what, if any, improvement in default security happens as a
result.

The X change makes it look broken, too, but it really does make a
difference in security not to expose your X server to the network by
default. Probably more of a difference than what was done to ssh.

	---Nathan
