On Thu, Aug 13, 2009 at 02:16:06PM -0700, Rick Jones wrote: > And the question seems to presume that said clueless administrator would > have an epiphany between the time he did the initial install and when he > had to install the ssh server. Otherwise, I am not sure I see a > difference in the two cases.
The point is supposed to be that there's meant to be a reasonable correlation between the people that might be that clueless, and the people that have no need for an ssh server, so won't install it. Ubuntu in this position have the double defence of a) not having installed the server, like us, and b) not having a valid root password at all, so at least the attacker needs to guess the username as well as the worthless password. It's been a while since I used the rest, but I'd guess that RHEL is about the same as us, given that they have client and server packages from what I can see, unless they default to installing the server. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] http://www.hands.com/ |-| HANDS.COM Ltd. http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
