
12 Jul 2012, 6:47 a.m.
I am repeatedly annoyed that "apt-get install openssh-server" results in a daemon binding to *:22 by default. IMO it should behave like all other daemons and either not run, or bind only to lo by default.
Otherwise, there is an (admittedly small) window between installing sshd, and locking down sshd_config, in which people can attack sshd in its default configuration.
Unless you are running a firewall ;) James
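One way to close the window described in this thread, shown as an added example that is not part of the original messages: forbid service starts while the package installs, pin `ListenAddress`, and only then let sshd start. The function names and the staging prefix argument are assumptions made for illustration; `policy-rc.d` with exit status 101 is the Debian mechanism that `invoke-rc.d` consults.

```shell
#!/bin/sh
# Added example. $1 of the *_daemon_start helpers is a hypothetical root prefix:
# "" on a real host, a scratch directory for a dry run.

# Forbid service starts during package installation: invoke-rc.d consults
# /usr/sbin/policy-rc.d, and exit status 101 means "action forbidden by policy".
forbid_daemon_start() {
    mkdir -p "$1/usr/sbin"
    printf '#!/bin/sh\nexit 101\n' > "$1/usr/sbin/policy-rc.d"
    chmod 755 "$1/usr/sbin/policy-rc.d"
}

allow_daemon_start() {
    rm -f "$1/usr/sbin/policy-rc.d"
}

# Succeeds (0) when sshd would bind every interface: either no active
# ListenAddress directive (sshd's default) or an explicit wildcard address.
# Does not follow Include directives.
binds_all_interfaces() {
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$1")
    [ -z "$addrs" ] && return 0
    for a in $addrs; do
        case "$a" in
            0.0.0.0|0.0.0.0:*|::|\[::\]|\[::\]:*) return 0 ;;
        esac
    done
    return 1
}

# Replace all ListenAddress directives with one explicit address, written at
# the top of the file so it can never land inside a trailing Match block.
set_listen_address() {
    tmp=$(mktemp) || return 1
    { printf 'ListenAddress %s\n' "$2"
      awk 'tolower($1) != "listenaddress"' "$1"; } > "$tmp"
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# Intended order on a real host, as root:
#   forbid_daemon_start ""
#   apt-get install openssh-server
#   set_listen_address /etc/ssh/sshd_config 127.0.0.1
#   binds_all_interfaces /etc/ssh/sshd_config || { allow_daemon_start ""; service ssh start; }
```

Leaving `policy-rc.d` in place blocks every later package-triggered service start, so remove it once the configuration is locked down.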