Bug 136289 - sshd on by default after install
Summary: sshd on by default after install
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
URL: http://www.fedoraforum.org/forum/show...
Whiteboard:
Depends On: 147557
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-10-19 07:19 UTC by superbnerd
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-05-26 19:10:42 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description superbnerd 2004-10-19 07:19:22 UTC
Description of problem:
Please read my rant and discussion about this in the link above.

When I installed fc3t3 I noticed that ssh was enables by default. You
may think thats its not a big problem becuase the firewall is also
enabled, but if you read the thread I linked to you will have several
examples where the firewall being enabled doesn't save the newbies.

Can someone please explain why such a security risk is enabled? You
(the developers) did not even disable remote root login. If you some
how deem it to not be a security risk, it is a service that just waste
resources by being.

Isn't it good policy to disable services you aren't using?

Before you post your rebuttals, please read this thread where the
community discussed the matter:
http://www.fedoraforum.org/forum/showthread.php?t=25041


Version-Release number of selected component (if applicable):


How reproducible:
Everytime

Steps to Reproduce:
1. Choose custom install (haven't tested on the other methods)
2. Check services after complete install
3. Be distressed that sshd is enabled
  
Actual results:
Was distressed to find sshd enabled

Expected results:
A secure system that only has the necessary services running

Additional info:
I am certain this problem started long before fc3t3, but that when I
noticed it because I was searching for bugs.

Comment 1 Barry K. Nathan 2004-10-21 22:01:03 UTC
> Can someone please explain why such a security risk is enabled? You
> (the developers) did not even disable remote root login.

Keep in mind that it's possible to run Anaconda remotely (i.e. miles
away from the computer that's actually being installed). In that case,
if sshd is disabled by default then there's no way to enable sshd (or
to do *anything* else administratively once the installer finishes).
If remote root logins are disabled, there's no way to create a
non-root account, nor configure NIS and get a non-root account that way.

So, sshd can't just be disabled by default on all installs. Perhaps,
as some have suggested in the discussion thread you linked to, there
needs to be another screen in anaconda for configuring this.

Actually, I just realized that it may only need to be a single "Allow
remote login" checkbox, rather than being a full screen of its own.
(Or maybe two checkboxes, "Allow remote login" and "allow remote root
login".)

Comment 2 superbnerd 2004-10-22 10:42:09 UTC
Bare with me...

Let me get this striaght. Its enabled by default so someone can do a
remote install, but the firewall blocks port 22 by default. So isn't
remote access disabled already? 

Are you assuming the advanced users, which are doing remote installs
know to open ssh during the firewall config section of anacanda? If
that is the case, then shouldn't the sshd service be enabled only if
they choose to open the ssh ports, or there shoould be a page to
configure services before the firewall page. Or perhaps the service
configuration page should be on the firstboot program.

Anaconda should be configured to protect the newbie, not aid the
already knowledgeable admin. A lot of newbies will disable the
firewall so they don't have to deal with two firewall if they have a
router to share thier internet connection. Plus, many have poorly
secured wifi networks that anyone could break into to steal bandwidth,
and with sshd enabled thier data could be stolen. This is unlikely to
result in a compromise, but we cannot base security on probability.

Having check boxes to enable sshd is a good start, but it only treats
the immediate problem. Having a page to configure all services would
be best. As suggested in the thread I linked to, it should be a page
that newbies don't have to deal with. Perhaps an "Advanced Setup" page
or series of pages. This would be beneficial to those using kickstart
files becuase they usually have to manually configure the services
after installation, which defeats the purpose of automatic
configuration. (I have not used kickstart, so it already may be
possible to already configure other options that are not done through
anacanda.)

(Slightly off topic)
Apart from security, this would help fedora be more lean. Many
complain that a default fedora setup runs much slower than other
distros. Fedora shouldn't enable about 30% of the services it
currently does.

Comment 3 Barry K. Nathan 2004-10-22 14:50:09 UTC
> Let me get this striaght. Its enabled by default so someone can do a
> remote install, but the firewall blocks port 22 by default. So isn't
> remote access disabled already? 
> 
> Are you assuming the advanced users, which are doing remote installs
> know to open ssh during the firewall config section of anacanda?

Either open ssh or disable the firewall altogether (depending on the
circumstances, etc.), yes. (When you're running anaconda remotely, and
you're not using kickstart, you still get to see and interact with all
the dialog boxes that you get when you're installing locally.)

> If
> that is the case, then shouldn't the sshd service be enabled only if
> they choose to open the ssh ports, or there shoould be a page to
> configure services before the firewall page. Or perhaps the service
> configuration page should be on the firstboot program.

There are some situations where you might need ssh enabled with the
firewall disabled, but I guess it'd be OK (it would be OK with me
anyway) to require admins to enable the firewall, allow SSH, and then
manually disable/replace/whatever the firewall over SSH after
rebooting into the installed system.

FWIW there's already a config tool for enabling/disabling services
(system-config-services). I guess a page for it could be added to
firstboot, although anyone who really needs it should be able to run
it after firstboot themselves, as far as I can see. (IOW I'm
suggesting that there should be something more basic for handling SSH,
whether it's automatically enabling/disabling it based on the firewall
setting, or adding a separate SSH checkbox somewhere in anaconda or
firstboot.)

Comment 4 Tomas Mraz 2005-05-26 19:10:42 UTC
We have to support headless installs so there would have to be some way how to
enable the sshd in anaconda.

As the dependency bug was closed without fix I have to close this one too.
Firewall is on by default and user who is clueless enough to enable access to
sshd on firewall and have a weak root password will surely find other ways how
to make his machine vulnerable to attacks anyway.



Note You need to log in before you can comment on or make changes to this bug.