[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH revised

From: Bas Wijnen
Subject: Re: SSH revised
Date: Tue, 28 Mar 2006 09:47:40 +0200
User-agent: Mutt/1.5.11+cvs20060126

On Mon, Mar 27, 2006 at 09:45:45PM +0200, Marcus Brinkmann wrote:
> > I think these do not match with MAC-alike system policies. If an
> > administrator/owner wants to restrict the options a specific user has to
> > enter the system via SSH, there must remain a small "system" ssh server
> > part. An example could be the limitiaton to SSH2.
> There are two responses to that.  The first is: Why would an
> administrator want to do that?  And the second is: Given the answer to
> the first question, is this something that we want to support?
> There are three possible outcomes to this: (1) there is no consistent
> argument why the admin would want to do that, or (2) there is a
> consistent argument, but it is in conflict with ideological
> assumptions we make, or (3) there is a consistent answer, and it does
> not conflict with our ideological assumptions.
> Only if the result is (3) it is worth considering to support this.
> And even then it may be rejected because of cost-benefit analysis or
> other factors.

Of course this is true.  However, I don't see the relevance, since this will
be a trivial thing to support.

Allowing a user to log in using ssh opens possibilities for attacks, which
means that the user needs to be (more) careful for his password, for example.
If a user doesn't actually want to use the service anyway, it is sensible to
disable it.  The Hurd way to do this is from the user settings (by not
registering with the system ssh server, for example).

Companies in particular aren't very fast in adopting new methods, though, and
they'll want to have the administrator do these things.  If the user doesn't
agree, she can easily work around this if she does have access to the network.
But I think that trying to tell this to the manager is something that takes
years (and if we take that effort anyway, we could better tell about something
important, like software patents ;-) ).

But as I said, it's easy to disable this.  Depending on how the service is
implemented, the host ssh server can filter the password file before checking
if a user is in it, or the administrator can fail to give a capability for the
network port that should run the server.


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]