On Tue 12 Jul 2016 at 11:44:56 +0200, Nicolas George wrote:

> On quintidi 25 Messidor, year CCXXIV, mwnx wrote:
> > I would like to initiate a discussion about the security
> > implications of the default sshd_config file, created after an
> > installation of the openssh-server package.
>
> I think the problem you raise is not specific to SSH: when installing
> anything that looks like a daemon, apt will start the daemon with its
> default configuration immediately. There are hackish ways of working around
> it, and I do not even know if they work with systemd.
>
> I always found that behaviour very bad, for many reasons. IMHO, starting
> daemons after installing them should be an option.

The behaviour is sensible and acceptable. Anyone who installs a daemon wants to use it; why install it in the first place? If the defaults were unsafe it would be a bug. A single example of such an unsafe configuration would be nice to have.