On Mon, Jul 27, 2015 at 3:32 PM, Matthew Miller
<mattdm(a)fedoraproject.org> wrote:
On Mon, Jul 27, 2015 at 03:27:03PM -0600, Chris Murphy wrote:
> Firewalld needs to be easier to inform what networks are trusted, so
> that when I go to a cafe it automatically blocks (or drops) requests
> to ports 22, 445, 2049, etc. By default. Without asking me. Just do it
> because I have no good reason having those available when I'm in a
> cafe. And if I do, I'll trust the network.
Here, we definitely agree.
> When enabling sshd in the GUI, it should use AllowUsers in sshd_config
> rather than allowing all users access. ClientAliveInterval probably
I like this too, but editing sshd_config is more than a bit scary.
Not the user, the GUI asks a service to do the editing COW style -
write out a .new and once that succeeds, then rename current to old
and new to current.
--
Chris Murphy