From owner-freebsd-questions Wed Apr 4 4:46:47 2001 Delivered-To: freebsd-questions@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-32.dsl.lsan03.pacbell.net [63.207.60.32]) by hub.freebsd.org (Postfix) with ESMTP id C9CD337B722 for ; Wed, 4 Apr 2001 04:46:44 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 352CD66D81; Wed, 4 Apr 2001 04:46:44 -0700 (PDT) Date: Wed, 4 Apr 2001 04:46:44 -0700 From: Kris Kennaway To: Ted Mittelstaedt Cc: freebsd-questions@FreeBSD.ORG Subject: Re: SSHD Problems... Message-ID: <20010404044643.A60142@xor.obsecurity.org> References: <3AC9E1F9.E27008E0@magpage.com> <000801c0bcc7$921a8820$1401a8c0@tedm.placo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <000801c0bcc7$921a8820$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Tue, Apr 03, 2001 at 10:24:50PM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Apr 03, 2001 at 10:24:50PM -0700, Ted Mittelstaedt wrote: > Hmmmm.... any way to fix this _other_ than going _further_ > down the PAM road? Like - maybe SHUT IT OFF?!?!?! > > Not all of us want or need the latest > doo-dad or dingle-hopper module that someone has suddenly > decided is a "must have" for FreeBSD. Don't upgrade, then. You'll be troubled by no nasty new features. Who has the gun to your head? > Frankly I'm starting to get a bit sick of it. Adding sshd > in as an option was very pleasant. _mandating_ it by putting > it in the startup so that keys are generated during installation > was not so pleasant, but I decided to let it slide. Switching ssh keys are only generated if you enable sshd in your rc.conf. Simply turn it off if you don't want it. > Kerberos default from off to _on_ as an installation option is the action of > an asshole who thinks they know how to set up my server better than > I do. This was an inadvertant bug. > So, what's the next on the "we're gonna ram this new option down > your fucking throat and make you go through hoops to turn it off > despite the fact only a few obnoxious people are screaming for it" > campaign for FreeBSD? I know, let's switch off root logins on the > console so that if you want to ever login as root you have to bring > up the system as single-user mode. Hey, that's insecure - let's > switch off ALL logins! That's it - the ultimate FreeBSD > installation - out of the box it simply cannot be accessed at > all!!!!!! You need to 1) take a couple of sedatives and 2) go and have a good lie down. This level of incoherent ranting serves no purpose, and your problems were basically caused by your own inability to follow well-publicized directions. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message