Bug 136289
| Summary: | sshd on by default after install | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | superbnerd <superbnerd> |
| Component: | openssh | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3 | CC: | barryn |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.fedoraforum.org/forum/showthread.php?t=25041 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-05-26 19:10:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 147557 | ||
| Bug Blocks: | |||
|
Description
superbnerd
2004-10-19 07:19:22 UTC
> Can someone please explain why such a security risk is enabled? You
> (the developers) did not even disable remote root login.
Keep in mind that it's possible to run Anaconda remotely (i.e. miles
away from the computer that's actually being installed). In that case,
if sshd is disabled by default then there's no way to enable sshd (or
to do *anything* else administratively once the installer finishes).
If remote root logins are disabled, there's no way to create a
non-root account, nor configure NIS and get a non-root account that way.
So, sshd can't just be disabled by default on all installs. Perhaps,
as some have suggested in the discussion thread you linked to, there
needs to be another screen in anaconda for configuring this.
Actually, I just realized that it may only need to be a single "Allow
remote login" checkbox, rather than being a full screen of its own.
(Or maybe two checkboxes, "Allow remote login" and "allow remote root
login".)
Bare with me... Let me get this striaght. Its enabled by default so someone can do a remote install, but the firewall blocks port 22 by default. So isn't remote access disabled already? Are you assuming the advanced users, which are doing remote installs know to open ssh during the firewall config section of anacanda? If that is the case, then shouldn't the sshd service be enabled only if they choose to open the ssh ports, or there shoould be a page to configure services before the firewall page. Or perhaps the service configuration page should be on the firstboot program. Anaconda should be configured to protect the newbie, not aid the already knowledgeable admin. A lot of newbies will disable the firewall so they don't have to deal with two firewall if they have a router to share thier internet connection. Plus, many have poorly secured wifi networks that anyone could break into to steal bandwidth, and with sshd enabled thier data could be stolen. This is unlikely to result in a compromise, but we cannot base security on probability. Having check boxes to enable sshd is a good start, but it only treats the immediate problem. Having a page to configure all services would be best. As suggested in the thread I linked to, it should be a page that newbies don't have to deal with. Perhaps an "Advanced Setup" page or series of pages. This would be beneficial to those using kickstart files becuase they usually have to manually configure the services after installation, which defeats the purpose of automatic configuration. (I have not used kickstart, so it already may be possible to already configure other options that are not done through anacanda.) (Slightly off topic) Apart from security, this would help fedora be more lean. Many complain that a default fedora setup runs much slower than other distros. Fedora shouldn't enable about 30% of the services it currently does. > Let me get this striaght. Its enabled by default so someone can do a > remote install, but the firewall blocks port 22 by default. So isn't > remote access disabled already? > > Are you assuming the advanced users, which are doing remote installs > know to open ssh during the firewall config section of anacanda? Either open ssh or disable the firewall altogether (depending on the circumstances, etc.), yes. (When you're running anaconda remotely, and you're not using kickstart, you still get to see and interact with all the dialog boxes that you get when you're installing locally.) > If > that is the case, then shouldn't the sshd service be enabled only if > they choose to open the ssh ports, or there shoould be a page to > configure services before the firewall page. Or perhaps the service > configuration page should be on the firstboot program. There are some situations where you might need ssh enabled with the firewall disabled, but I guess it'd be OK (it would be OK with me anyway) to require admins to enable the firewall, allow SSH, and then manually disable/replace/whatever the firewall over SSH after rebooting into the installed system. FWIW there's already a config tool for enabling/disabling services (system-config-services). I guess a page for it could be added to firstboot, although anyone who really needs it should be able to run it after firstboot themselves, as far as I can see. (IOW I'm suggesting that there should be something more basic for handling SSH, whether it's automatically enabling/disabling it based on the firewall setting, or adding a separate SSH checkbox somewhere in anaconda or firstboot.) We have to support headless installs so there would have to be some way how to enable the sshd in anaconda. As the dependency bug was closed without fix I have to close this one too. Firewall is on by default and user who is clueless enough to enable access to sshd on firewall and have a weak root password will surely find other ways how to make his machine vulnerable to attacks anyway. |