Date: Tue, 10 Oct 2000 04:35:25 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: kris@citusc.usc.edu (Kris Kennaway)
Cc: eischen@vigrid.com (Daniel Eischen), kris@citusc.usc.edu (Kris Kennaway), tlambert@primenet.com (Terry Lambert), arch@FreeBSD.ORG, phk@critter.freebsd.dk (Poul-Henning Kamp), dillon@earth.backplane.com (Matt Dillon), imp@village.org (Warner Losh), jruigrok@via-net-works.nl (Jeroen Ruigrok van der Werven)
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <200010100435.VAA18406@usr01.primenet.com>
In-Reply-To: <20001009211232.A2340@citusc17.usc.edu> from "Kris Kennaway" at Oct 09, 2000 09:12:32 PM

>>>>>>> Do any committers have any objections to me disabling ntalk,
>>>>>>> finger, telnet, rsh, and ftp by default in -current? And
>>>>>>> sandboxing 'named' by default in -current?
>>>>
>>>> Won't this make it difficult to bootstrap a headless 1U box?
>>>
>>> The point, which many people in this discussion somehow keep missing,
>>> is that when you do a default installation of recent versions of
>>> FreeBSD, the machine reboots with ssh enabled and working.
>>
>> Don't you first need to add your keys before ssh is usable?
>
> No. It does password-based authentication by default, always has.

Don't you need an ssh client before ssh is usable? I have "telnet"
and "ftp" everywhere.

Won't this make it difficult to bootstrap a headless 1U box from
a Windows or Macintosh box?

I'd bootstrap it from FreeBSD, but of course, FreeBSD can't use
my Winmodem, so I'm left with no connection to the net, or no
ssh to the 1U box, take your pick.

Doesn't anyone else use laptops when bootstrapping rack mounted
equipment? I guess we could all go out and buy a PCMCIA modem
for our laptops, just so that we can have telnet and ftp disabled
by default...

Personally, I think this one-upmanship with OpenBSD is silly;
no one is "secure by default", and anyone claiming they are is
just leading users down the primrose path, until the next CERT
advisory makes them out to be a liar.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.