On Tue, Jul 28, 2015 at 11:27 AM, Warren Young wyml@etr-usa.com wrote:
> Much of the evil on the Internet today — DDoS armies, spam spewers, phishing botnets — is done on pwned hardware, much of which was compromised by previous botnets banging on weak SSH passwords.
> Your freedom to use any password you like stops at the point where exercising that freedom creates a risk to other people’s machines.
Your freedom to have sshd enabled by default stops at the point where exercising that freedom creates risk to other people's machines.
I can also use that logic with password-based auth by default, rather than PKA by default.
A rather strong argument can be made, much more so than a very weak > weak password quality policy, for sshd on a default 7-day disable timer. That is, by default, after 7 days, sshd is stopped and disabled. In the autopsies of pwned computers is the quickly provisioned server with a standard simple in-house password for such things, with the idea that after configuration the password will get changed or, more likely, sshd is disabled or it'll be added to firewall filtering. The reality is all the bad practices happen because this quickly provisioned machine is forgotten about for one reason or another, and then it gets owned.
Well, disabling sshd after 7 days would stop all of that and yet doesn't prevent initial configuration.
More likely, I think we'll see either sshd disabled by default or PKA required by default, both being provisioned via Cockpit. And that's because the minimum password quality under discussion is still rather weak when it comes to being able to put a system directly on the Internet or facing it with port forwarding while taking no other precautions. And yet the weak password policy is too strong for many legitimate use cases where the use case/environment aren't high risk for such passwords.
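One way to implement the 7-day disable timer proposed in the message above, as an added example that is not from the thread, from Fedora or from Cockpit: a shell script that stamps the provisioning time on first run, plus a systemd timer/service pair that calls it daily and stops and disables sshd once the grace period has elapsed. The marker path, the script's install path and the unit names are assumptions.

```shell
#!/bin/sh
# Added example: enforce a provisioning grace period for sshd.
# Marker file and script path below are assumptions, not distro defaults.
GRACE_DAYS=7
MARKER=/var/lib/sshd-grace/provisioned-at     # assumed: epoch seconds of first run
SCRIPT=/usr/local/sbin/sshd-grace.sh           # assumed: where this script is installed

# sshd_grace_expired PROVISIONED_EPOCH NOW_EPOCH
# Returns 0 (true) once GRACE_DAYS have passed since provisioning.
sshd_grace_expired() {
    elapsed=$(( $2 - $1 ))
    [ "$elapsed" -ge $(( GRACE_DAYS * 86400 )) ]
}

# Write the oneshot service and the daily timer into DIR (normally /etc/systemd/system).
install_units() {
    dir=$1
    cat > "$dir/sshd-grace.service" <<EOF
[Unit]
Description=Stop and disable sshd after the provisioning grace period

[Service]
Type=oneshot
ExecStart=$SCRIPT enforce
EOF
    cat > "$dir/sshd-grace.timer" <<'EOF'
[Unit]
Description=Daily check of the sshd provisioning grace period

[Timer]
OnBootSec=5min
OnUnitActiveSec=1d
Persistent=true

[Install]
WantedBy=timers.target
EOF
}

# Called by the timer: start the clock on first run, disable sshd once it runs out.
enforce() {
    mkdir -p "$(dirname "$MARKER")"
    [ -r "$MARKER" ] || { date +%s > "$MARKER"; return 0; }
    if sshd_grace_expired "$(cat "$MARKER")" "$(date +%s)"; then
        systemctl disable --now sshd.service   # operator re-enables only after PKA/firewall are set
    fi
}

case "${1:-}" in
    enforce) enforce ;;
    install) d=${2:-/etc/systemd/system}; mkdir -p "$d"; install_units "$d" ;;
esac
```

After `sshd-grace.sh install`, enable the timer with `systemctl enable --now sshd-grace.timer`; the first timer run records the provisioning time and later runs enforce the cutoff.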