[MacTUG] Mountain Lion default SSH running!

Mike Patterson mpatterson at uwaterloo.ca
Tue Mar 5 16:42:31 EST 2013


Don't worry, the campus firewall will save us. =]

That said, I never noticed that ssh was open by default. Certainly, I had to enable it myself on my workstations, but they've been upgrades from 10.7, so maybe that's why.

Mike

-- 
Only he who handles his ideas lightly is master of his ideas, and
only he who is master of his ideas is not enslaved by them.
- Lin Yutang

On 2013-03-05, at 4:06 PM, Donald Duff-McCracken <dsmccrac at uwaterloo.ca> wrote:

> You may be missing my point, Dani. I am not suggesting that we should turn
> on SSH, quite the opposite. I am pointing out to folks that SSH and Screen
> Sharing are on by default.
> 
> SSH is particularly nasty to have on by default. And yes, whenever I turn
> on screen sharing I also only let specific users have access to it. And
> yes #2, it is easy to turn off SSH (or most other services) via the
> terminal, or for that matter, to just turn it off via the System
> Preferences.
> 
> My point is that there are likely several hundred Macs floating around
> the campus with SSH enabled without their users knowing about it, and to
> let folks know that Apple has changed this since Snow Leopard (I am not
> sure if it was on by default in Lion).
> 
> ------------------------------------
> Donald Duff-McCracken
> Technical Services Manager
> Mapping, Analysis & Design
> Faculty of Environment
> University of Waterloo
> (519) 888-4567 x32151
> https://uwaterloo.ca/environment-computing/about/people/donald-duff-mccracken
> 
> On 2013-03-05 11:57 AM, "Dani Roloson" <daroloso at uwaterloo.ca> wrote:
> 
>> Why turn on SSH at all? ARD UNIX allows you to do any of that.
>> 
>> If you really insist:
>> 
>> /etc/hosts.allow
>> 
>> sshd: whateverFQDN
>> sshd: correspondingIPaddress
>> 
>> /etc/hosts.deny
>> 
>> sshd: ALL
>> 
>> As for the Sharing System Prefs for Remote Management (and Login if enabled),
>> it is always set by us to be "Only these users".
>> 
>> Dani
>> MFCF
>> ________________________________________
>> 
>> Did anyone else notice that? We probably have a ton of Macs out there
>> that have SSH and Screen Sharing on by default. That is not good and a
>> departure for Apple. Apple used to rationalize not having its firewall
>> enabled by default by stating that Apple did not enable services
>> willy-nilly. This seems at least a bit on the nilly side of things.
>> 
>> I once turned SSH on for my lab Macs so I could have a back door and then
>> a bunch of guys in Russia started using it too!
>> _______________________________________________
>> MacTUG mailing list
>> MacTUG at lists.uwaterloo.ca
>> https://lists.uwaterloo.ca/mailman/listinfo/mactug
More information about the MacTUG mailing list
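
Added example (not part of the original thread and not the posters' code): a simplified evaluation of the hosts.allow / hosts.deny ordering behind the sshd rules quoted above, showing that the allow entries restrict nothing unless hosts.deny also covers sshd. The host name and addresses are constructed stand-ins for the thread's placeholders, and only ALL, exact, leading-dot and trailing-dot patterns are handled.

```python
# Added example: simplified hosts_access(5) decision logic (TCP wrappers).
# Handles only ALL, exact names/addresses, ".domain" and "a.b." patterns.

# Constructed stand-ins for whateverFQDN / correspondingIPaddress in the thread.
HOSTS_ALLOW = "sshd: admin.example.edu\nsshd: 192.0.2.10\n"
HOSTS_DENY = "sshd: ALL\n"


def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) per rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix, host names only
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):            # address prefix, e.g. "192.0.2."
        return addr.startswith(pattern)
    return pattern.lower() == name.lower() or pattern == addr


def file_matches(text, daemon, name, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, name, addr) for c in clients)
        for daemons, clients in parse_rules(text)
    )


def decide(allow_text, deny_text, daemon, name, addr):
    """hosts.allow is consulted first, then hosts.deny, else access is granted."""
    if file_matches(allow_text, daemon, name, addr):
        return "allow"
    if file_matches(deny_text, daemon, name, addr):
        return "deny"
    return "allow"


if __name__ == "__main__":
    print(decide(HOSTS_ALLOW, HOSTS_DENY, "sshd", "unknown", "203.0.113.5"))
```

With an empty hosts.deny the same unknown client is allowed, and daemons other than sshd are unaffected by these rules.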