Date:      Wed, 4 Apr 2001 22:47:51 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Kris Kennaway" <kris@obsecurity.org>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: SSHD Problems...
Message-ID:  <000701c0bd93$f3a6a200$1401a8c0@tedm.placo.com>
In-Reply-To: <20010404044643.A60142@xor.obsecurity.org>

Kris,

  sshd _is also_ enabled _by default_ in the rc.conf file.
Yes you can shut it off - however, you have to boot the system
up to do it after the initial install - and of course the point
is that by the time you get a login prompt, the sshd
keys are already generated.

  I think you missed entirely the point of my rant.  Obviously
you come from the school that believes that you make something
better by attaching more crap to it.  This is a shame because
the entire UNIX philosophy is one of simplicity is beauty.  (or
at least _was_)

  The security people don't come from this philosophy.  They
come from the philosophy that the more difficult it is to
get into something, the more secure it is.  Since they feel that
the more secure that something is, the _better_ it is, their
idea of the ultimately good UNIX operating system is one that
will take you the rest of your life and a doctorate in mathematics
to figure out how to get into.  They are already well on the way to
making OpenBSD into a BSD UNIX that is impossible for ordinary
people to use, and FreeBSD is next on the list.

  Lest you laugh, let me point out that besides ssh, kerberos, pam,
login levels and all this security crap that has been developed,
there has been an enormous amount of OTHER non-security UNIX software
that has been developed in the last 5 years.  However, things like
apache are still NOT standard items in a FreeBSD install, they are
add-on, because people recognize that they are additional things that
are not needed in all FreeBSD installs.  Yet, all the security stuff
_is_ deemed absolutely critical and essential to be a part of the 
FreeBSD distribution - even though, JUST LIKE APACHE, ssh is NOT needed
in all FreeBSD installs.  Don't you see a disconnection from reality
here?  I know I do.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com


>-----Original Message-----
>From: Kris Kennaway [mailto:kris@obsecurity.org]
>Sent: Wednesday, April 04, 2001 4:47 AM
>To: Ted Mittelstaedt
>Cc: freebsd-questions@FreeBSD.ORG
>Subject: Re: SSHD Problems...
>
>
>On Tue, Apr 03, 2001 at 10:24:50PM -0700, Ted Mittelstaedt wrote:
>> Hmmmm....   any way to fix this _other_ than going _further_
>> down the PAM road?  Like - maybe SHUT IT OFF?!?!?!
>> 
>> Not all of us want or need the latest
>> doo-dad or dingle-hopper module that someone has suddenly
>> decided is a "must have" for FreeBSD.
>
>Don't upgrade, then.  You'll be troubled by no nasty new features.
>Who has the gun to your head?
>
>> Frankly I'm starting to get a bit sick of it.  Adding sshd
>> in as an option was very pleasant.  _mandating_ it by putting
>> it in the startup so that keys are generated during installation
>> was not so pleasant, but I decided to let it slide.  Switching
>
>ssh keys are only generated if you enable sshd in your rc.conf.
>Simply turn it off if you don't want it.
>
>> Kerberos default from off to _on_ as an installation option is the action of
>> an asshole who thinks they know how to set up my server better than
>> I do.
>
>This was an inadvertent bug.
>
>> So, what's the next on the "we're gonna ram this new option down
>> your fucking throat and make you go through hoops to turn it off
>> despite the fact only a few obnoxious people are screaming for it"
>> campaign for FreeBSD?  I know, let's switch off root logins on the
>> console so that if you want to ever login as root you have to bring
>> up the system as single-user mode.  Hey, that's insecure - let's
>> switch off ALL logins!  That's it - the ultimate FreeBSD
>> installation - out of the box it simply cannot be accessed at
>> all!!!!!!
>
>You need to 1) take a couple of sedatives and 2) go and have a good
>lie down.  This level of incoherent ranting serves no purpose, and
>your problems were basically caused by your own inability to follow
>well-publicized directions.
>
>Kris
>
