Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 23 Apr 2002 13:16:46 +0930
From:      Greg 'groggy' Lehey <grog@FreeBSD.org>
To:        Jordan Hubbard <jkh@winston.freebsd.org>
Cc:        Robert Watson <rwatson@FreeBSD.ORG>, Oscar Bonilla <obonilla@galileo.edu>, Anthony Schneider <aschneid@mail.slc.edu>, Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>, hackers@FreeBSD.ORG
Subject:   Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
Message-ID:  <20020423131646.I6425@wantadilla.lemis.com>
In-Reply-To: <11670.1019530386@winston.freebsd.org>
References:  <rwatson@FreeBSD.ORG> <Pine.NEB.3.96L.1020422223923.64976i-100000@fledge.watson.org> <11670.1019530386@winston.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote:
>> That fix relies on the extensive PAM updates in -CURRENT however; in
>> -STABLE it can probably be similarly replicated via appropriate tweaking
>> of sshd (?).
>
> Why not fix it in stable by the very simple tweaking of the
> ChallengeResponseAuthentication to no in the sshd config file we ship
> Trust me, this question is going to come up a _lot_ for us otherwise. :(

I've been noticing a continuing trend for more and more "safe"
configurations the default.  I spent half a day recently trying to
find why I could no longer open windows on my X display, only to
discover that somebody had turned off tcp connections by default.

I have a problem with this, and as you imply, so will a lot of other
people.  As a result of this sort of thing, people trying to migrate
from other systems will probably just give up.  I certainly would
have.  While it's a laudable aim to have a secure system, you have to
be able to use it too.  I'd suggest that we do the following:

1.  Give the user the choice of these additional features at
    installation time.  Recommend the procedures, but explain that you
    need to understand the differences.

2.  Document these things very well.  Both this ssh change and the X
    without TCP change are confusing.  If three core team members were
    surprised, it's going to surprise the end user a whole lot more.
    We should at least have had a HEADS UP, and we probably need a
    security policy document with the distributions.

Greg
--
See complete headers for address and phone numbers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020423131646.I6425>