From owner-freebsd-stable  Sun Dec 10  2:31:44 2000
From owner-freebsd-stable@FreeBSD.ORG  Sun Dec 10 02:31:42 2000
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from krycek.zoominternet.net (krycek.zoominternet.net [63.67.120.9])
	by hub.freebsd.org (Postfix) with SMTP id 36CBE37B400
	for <freebsd-stable@FreeBSD.ORG>; Sun, 10 Dec 2000 02:31:42 -0800 (PST)
Received: (qmail 29918 invoked from network); 10 Dec 2000 10:27:57 -0000
Received: from lcl12.cvzoom.net (HELO cvzoom.net) (208.226.155.12)
  by krycek.zoominternet.net with SMTP; 10 Dec 2000 10:27:57 -0000
Sender: dmmiller@FreeBSD.ORG
Message-ID: <3A335B8C.512F8D71@cvzoom.net>
Date: Sun, 10 Dec 2000 05:31:40 -0500
From: Donn Miller <dmmiller@cvzoom.net>
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: rsowders@usgs.gov, Kal Torak <kaltorak@quake.com.au>,
	FreeBSD-stable <freebsd-stable@FreeBSD.ORG>,
	owner-freebsd-stable@FreeBSD.ORG
Subject: Re: ssh port broken?
References: <OF2316D389.6746EED1-ON882569B1.0025594A@er.usgs.gov> <xzpn1e41sv7.fsf@flood.ping.uio.no>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Dag-Erling Smorgrav wrote:

> n recent FreeBSD releases, sshd is enabled by default.

This is not good.  All services should be disabled out of the box.  IMO,
there should be a prompt on install asking the installer if (s)he would
like sshd enabled.  Also, portmap, inetd, and sendmail should be set to
"NO", unless the user specifically asks for it (at least in
/etc/defaults/rc.conf anyways).  Of course, almost all server admins
would want at least one of these running.  I think ALL network services
should be disabled, and leave it up to the sysadmin to enable what he
needs after the install has been complete.

Just my 2 cts (although no one asked me).  When I re-installed 4.2, I
noticed sshd was enabled by default.  I definitely didn't want sshd
running.  Although it's possible to disable these daemons post-install,
I think *additive* rather than *subtractive* configuring of network
daemons is the safest bet.

I'm going to draw some flames in this one, for sure.

- Donn


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message