[MacTUG] Mountain Lion default SSH running!

Donald Duff-McCracken dsmccrac at uwaterloo.ca
Tue Mar 5 16:06:03 EST 2013


You may be missing my point, Dani. I am not suggesting that we should turn
on SSH, quite the opposite. I am pointing out to folks that SSH and Screen
Sharing are on by default.

SSH is particularly nasty to have on by default. And yes, whenever I turn
on screen sharing I also only let specific users have access to it. And
yes #2, it is easy to turn off SSH (or most other services) via the
terminal, or, for that matter, to just turn it off via System
Preferences.

My point is that there are likely several hundred Macs floating around
the campus with SSH enabled without their users knowing about it, and to
let folks know that Apple has changed this since Snow Leopard (I am not
sure if it was on by default in Lion).

------------------------------------
Donald Duff-McCracken
Technical Services Manager
Mapping, Analysis & Design
Faculty of Environment
University of Waterloo
(519) 888-4567 x32151
https://uwaterloo.ca/environment-computing/about/people/donald-duff-mccracken

------------
To request help from MAD please use Request Tracker. For info see:
https://rt.uwaterloo.ca/~wwwrt/cgi-bin/rtuser.pl

On 2013-03-05 11:57 AM, "Dani Roloson" <daroloso at uwaterloo.ca> wrote:

>Why turn on SSH at all? ARD UNIX allows you to do any of that.
>
>If you really insist:
>
>/etc/hosts.allow
>
>sshd: whateverFQDN
>sshd: correspondingIPaddress
>
>/etc/hosts.deny
>
>sshd: ALL
>
>As for the Sharing System Prefs for Remote Management (and Login if
>enabled),
>it is always set by us to be "Only these users".
>
>Dani
>MFCF
>________________________________________
>
>Did anyone else notice that? We probably have a ton of Macs out there
>that have SSH and Screen Sharing on by default. That is not good and a
>departure for Apple. Apple used to rationalize not having its firewall
>enabled by default by stating that Apple did not enable services
>willy-nilly. This seems at least a bit on the nilly side of things.
>
>I once turned SSH on for my lab macs so I could have a back door and then
>a bunch of guys in Russia started using it too!

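An added example, not part of the original messages: a simplified Python model of the hosts_access(5) decision order behind the hosts.allow / hosts.deny pair quoted above, showing why the allow entries only restrict anything when hosts.deny carries "sshd: ALL". The host name and address are constructed placeholders standing in for whateverFQDN and correspondingIPaddress, and only a subset of client pattern types is modelled.

```python
# Simplified model of hosts_access(5): hosts.allow is checked first, then
# hosts.deny, and a client that matches neither file is allowed.
# Supported client patterns (subset): ALL, exact name or address,
# ".domain" name suffix, "192.0.2." address prefix.

# Constructed sample files; name and address are placeholders (assumptions).
HOSTS_ALLOW = "sshd: admin.example.edu\nsshd: 192.0.2.10\n"
HOSTS_DENY = "sshd: ALL\n"

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore optional command field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                    # domain suffix
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):                      # address prefix
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr

def rule_hit(rules, daemon, host, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, host, addr) for p in clients)
               for daemons, clients in rules)

def access(allow_text, deny_text, daemon, host, addr):
    """Return 'allow' or 'deny' for one connection attempt."""
    if rule_hit(parse_rules(allow_text), daemon, host, addr):
        return "allow"
    if rule_hit(parse_rules(deny_text), daemon, host, addr):
        return "deny"
    return "allow"                                 # no match in either file

if __name__ == "__main__":
    for host, addr in [("admin.example.edu", "192.0.2.10"),
                       ("unknown.example.net", "203.0.113.7")]:
        print(host, access(HOSTS_ALLOW, HOSTS_DENY, "sshd", host, addr),
              "| with empty hosts.deny:",
              access(HOSTS_ALLOW, "", "sshd", host, addr))
```

These files are only consulted by an sshd built with TCP wrappers (libwrap) support, which OpenSSH removed in release 6.7.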