And they got it all wrong. It is all for the perceived sense of security. Not being able to login over ssh right after install sucks. I am that guy that ends up enabling it on all other boxes that use a different default.
The machine I install and then deploy to be hostile network connected gets some extra love in that department however crippling every box by default for no gain is counter productive. On Thu, Jul 10, 2008 at 01:38:22PM -0400, Brian A. Seklecki wrote: > On Thu, 10 Jul 2008, Marco Peereboom wrote: > >> Of course it is enabled by default. Why do I want a box that is >> freshly installed and unreachable? > > No -- I just find that most of afterboot(8) can be done from the console; > even serial console, at first boot, configure the network, add a non-root > user, add them to wheel, enable sshd. > > I guess I'm just having trouble imagining the situation where you have > console access, but need to do basic post-install configuration via the > network, as root, remotely. > > Even with CF/Embedded, you ship out master.passwd prepopualted. > > And this is likely the rationel why the rest of the projects changed it. > > ~~BAS > >> On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote: >>> Am I reading this right? >>> >>> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80&content-type=text/x-cvsweb-markup >>> >>> I dont have a fresh install anywhere -- but I want to say that it doesnt >>> default to PermitRootLogin yes after the install. >>> >>> I remember that I filed PRs with FreeBSD/NetBSD a few years ago to get this >>> changed, but Redhat Support is giving some some noise about: >>> >>> "Well the source vendor doesn't disable it by default ..." >>> >>> ~BAS
