Bugzilla – Bug 119810
sshd shouldn't be started by default
Last modified: 2005-12-15 14:07:14 UTC
I did a standard installation of openSUSE and noticed that sshd is running automatically. I think it should not do that for the following reason: people use openSUSE on their desktop computers and on their notebooks which are often protected by means of a BIOS password and/or a hard-disk password. Thus people will tend to use a less secure password for their Linux user account. Many people will not be aware that this is a problem, as they are not aware that you can remotely log in by default. Also, for everybody who needs sshd it would only take 30 seconds to activate it. And it takes time to start, plus it uses memory. That's why it should not start by default (it should of course be installed by default -- but not started).
Andreas, what do you think about it? It can be done by a YaST option in a similar way as the firewall has it. But I don't like disabling the sshd daemon by default, because IMHO a lot of people expect this behaviour.
Actually I now installed the final version and now there's a real bug: the summary installation screen contains an item like "sshd is deactivated" (translated back from German). I clicked on the "deactivated" to see what happens, so it changed to "activated". I clicked again so it should be deactivated (and it showed "deactivated"). However, sshd was running anyway when the installation was finished. Besides that, I don't see why it matters that some people expect sshd to run by default. Those who do NOT expect it have a good chance to have a security problem. This is more important than saving the few seconds of work for those who want sshd to be installed.
sshd is the one service we consider necessary and useful to run. The problem you are referring to is a bit of a problematic, misdescribed entry in the Firewall heading on the Network Workflow page. You are right that people perhaps use too easy passwords. Those people will however likely not change this default firewall setting either. We can discuss this for 10.1, but all experienced users will kill us for it if we do that.
YaST team, let's change the text from "sshd is deactivated" to "sshd port is blocked". Let's still have ssh running by default...
reassign to yast2 maintainers
OK, I'll change the text for 10.1
Texts were fixed in SVN, it should be available in the next Alpha/Beta.
*** Bug 139348 has been marked as a duplicate of this bug. ***