Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- From: Lars Müller <lmuelle@xxxxxxx>
- Date: Sat, 21 Nov 2009 16:05:31 +0100
On Sat, Nov 21, 2009 at 12:11:25PM +0000, G T Smith wrote:
[ 8< ]
This are the first observations on the direction openSuSE seems to be
taking that echoes a concern of mine. Although it vigorously denied
there is increasing emphasis on the home user desktop and a benign
neglect of other areas elsewhere, the end product seems to undermine
that denial.
The change not to enable the openssh daemon with any new install doesn't
say anything about the directions of the openSUSE project.
It is a simple security design approach. As said many times before: the
intention is to keep it simple stupid. And such design approaches are a
moving target. They got modified over the years. No more telnet, no
more plain passwords with the majority of services.
For those of us using Linux for a long time this doesn't cause much of
extra work. We're able to enable the service via YaST or might even use
chkconfig -a ssh on the command line. From the networking setup summary
it is one click at installation time.
And please keep in mind: If you upgrade from openSUSE 11.1 to 11.2 the
state of the service (enabled/disabled) is not changed.
Therefore to me all this noise about ssh is much about nothing compared
to the real issues, bugs and missing features we have.
And while all had been able to complain and to offend none had been able
to write something at http://en.opensuse.org/Ssh
I am personally not really interested in much of the multi-media and
desktop 'bells and whistles', but more in having a developmental and
research environment (with a bit of personal admin stuff). The tendency
to force the user away from the 'gubbins' which makes things work in
newer desktops is often more a hindrance than a help in this context.
(Having to work out which process you need to temporarily kneecap to get
the results one wants is a PITA).
Nobody is forced to anything. But as openSUSE, Fedora and Debian are
Open Source projects they move on. This move includes the adoption of
new concepts.
The majority of the new stuff makes it much, much easier for new users.
For example HAL/ConsoleKit/PolicyKit automatically grants permission to
the user by adding appropriate ACL entries to a bunch of files (like
/dev/snd/* and other device files) for local logins via console, gdm,
kdm.
But this is a conceptional change compared to how this had been done in
the past. For the sound stuff we had been used to be in the audio
group.
New concepts aren't introduced cause they're new or provide companies a
reason to sell a new product. These new approaches are used cause
they're more flexible and allow a better, finer grained control what's
allowed to which user or group for example.
I can see the both sides of the ssh/sshd argument. I think what we
really need is probably a restore to the concept of a professional
configuration for the technically literate and a basic user
configuration for the M$ refugees and not so literate. Installing 11.1
from scratch when one you knew what you wanted was possible but
unnecessarily time consuming
Which part of the installtion in 11.1 or 11.2 consumed more time than it
was the case with 11.0?
It was the intention to make the YaST installation workflow easier and
less time consuming by providing as much as possible reasonable defaults
while allowing the user to still modify configuration details on
request.
(at this moment 11.2 looks like something I
will skip). There are at least two different basic user groupings
involved and they have different base line requirements.
There is no good reason to skip openSUSE 11.2. In particular all the
noise about how the ssh service for a _new_ install is handled isn't a
reason not to use openSUSE 11.2.
I'm running it on five systems now and am very happy with all the
features we've recently read about at this list.
On the other hand openSUSE 11.1 is still fed with security fixes and
the openSUSE Build Service provides a huge amount of prebuild packages
in addition.
It's your decision which route to follow. As it was dicussed and
decided by the openSUSE community to disable the ssh service by default
with a fresh install of openSUSE as quoted in an earlier mail.
Additional action to get the ssh daemon started with openSUSE 11.2 is
only required if you perform a fresh install. And this action is
required _one_ time. One time spending ten seconds to enable this
additional network service (while install or later from inside the
system). Nothing compared to the time spent on this thread. ;)
But I'm sure we'll see additional 50 replies on this topic. :)
Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
Attachment:
pgpTjtFMHUWLc.pgp
Description: PGP signature
- Follow-Ups:
- References:
- [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- From: Per Jessen
- Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- From: Lars Müller
- Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- From: Per Jessen
- Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- From: Peter Nikolic
- Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- From: Brian K. White
- Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- From: Per Jessen
- Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- From: G T Smith
- [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- Prev by Date: [opensuse] OpenSUSE weekly News #98 out!
- Next by Date: Re: [opensuse] openSUSE windows Active Directory and OU=
- Previous by thread: Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- Next by thread: Re: [opensuse] 11.2 - what was the reasoning behind disabling sshd by default?
- Index(es):
Relevant Pages
|
