On Mon, 27 Aug 2001, Curt Sampson wrote:

> On Mon, 27 Aug 2001, David Brownlee wrote:
>
> Not without configuring your network and starting ssh as well. Also
> running ntpdate, if you don't want to risk incorrect timestamps on the
> things you automatically configured. There's enough things happening here
> manually that I don't consider updating the config file or generating
> a fresh config file (which can be easily automated) a big extra.
>
	The sshd start can either be run by hand (no need to edit any
	file), or updated in rc.conf which is likely to be edited anyway.
	ntpdate can be run by the automatic script connecting remotely.

> > 	Changing the default means an additional file to manually modify
> > 	at the console before any remote configuration can be done.
>
> The alternative, leaving it as it is, means poking a hole in the default
> security policy--a hole that didn't exist until we started shipping ssh
> with the system.
>
	The "default security policy" does not start sshd.

> We generally try to default to "as secure as possible" mode for freshly
> installed systems, and we've accepted in the past that this can make
> installs more difficult in some cases. I don't see how this is different.

	I suppose my main contention is it involves mucking with another
	config file.

-- 
		David/absolute		-- www.netbsd.org: No hype required --