
Trent W. Buck <trentbuck@gmail.com> wrote:
> But we all (well, Russell and I) just agreed that stuff shouldn't listen until explicitly told to! Why should sshd be an exception?
I suppose I don't agree with the principle. I think that if you run, say, Postfix, it's perfectly reasonable to have a default configuration that listens to non-local interfaces. I don't want to get into a disagreement about this, but I really don't think there's much point in installing and starting something which exists primarily or only to accept network connections unless you want it to do precisely that. Of course, I think the default configuration should include reasonable security precautions, but that's a separate issue. For example, perhaps PasswordAuthentication no should be the default for ssh, except in live distributions where keys may not be available and quick access is paramount.
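To make the "PasswordAuthentication no" default concrete, here is an added example (not from this thread) that reports the effective global value of an sshd_config keyword, including the case where the only "no" sits inside a Match block and so does not apply globally. It assumes POSIX sh with awk and the whitespace-separated "Keyword value" form of sshd_config; the sample configs and the 192.0.2.0/24 address are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report the effective global value of an
# sshd_config keyword such as PasswordAuthentication. Assumes POSIX sh + awk and
# the whitespace-separated "Keyword value" form of sshd_config.

# Reads an sshd_config on stdin and prints the effective global value of
# keyword $1, or the built-in default $2 when the keyword is absent. Mirrors
# three sshd rules: the first occurrence of a keyword wins, keyword names are
# case-insensitive, and lines after the first "Match" are conditional and
# therefore never set the global value.
sshd_effective() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == "match"   { exit }      # global section ends here
        tolower($1) == tolower(key) && !found { found = 1; print $2 }
        END { if (!found) print def }
    '
}

# Constructed configs. In WEAK_CONFIG the only uncommented "no" sits inside a
# Match block, so the global setting is still the upstream default of "yes".
WEAK_CONFIG='# PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication no'

HARDENED_CONFIG='passwordauthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes'

# Prints "yes" or "no": is password authentication on for all clients?
# (upstream default when the keyword is absent is "yes")
password_auth_enabled() {
    printf '%s\n' "$1" | sshd_effective PasswordAuthentication yes
}

if [ "$(password_auth_enabled "$WEAK_CONFIG")" = yes ]; then
    echo "WEAK_CONFIG: password logins accepted globally"
fi
if [ "$(password_auth_enabled "$HARDENED_CONFIG")" = no ]; then
    echo "HARDENED_CONFIG: key-based logins only"
fi
```

Run `sshd -T` on a live host to get the fully resolved configuration instead of parsing the file by hand.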