On 7/30/25 15:18, John Dow wrote:

Further to this, I’d be completely unsurprised is fully 99.9% of Linux users consider an SSH client essential. Which is why it’s installed by default.

It’s worth bearing in mind that while Linux is becoming more and more useful to Windows users, Linux is not Windows.

Just as a data point: Windows ships these days with an SSH client as well...

Detlef

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 30 Jul 2025, at 13:57, Greg Wooledge <greg@wooledge.org> wrote:

On Wed, Jul 30, 2025 at 14:30:56 +0200, Oleg Goncharov wrote:

One of the things that surprised me is that Debian ships with components
like ssh and related services (such as sslh) by default,

Huh? What are you talking about?

An ssh server is *not* installed by default, and I don't even know
what "sslh" is.

which are
primarily used for server purposes. For most users who are using Debian as >> a desktop or workstation, these tools are unnecessary and can create
additional complexity and potential security concerns.

You do mean an ssh *server*, right? Not an ssh client?

I'd say there's a substantially large number of desktop systems where
an ssh server is installed for a large variety of reasons. But, again,
this is not the default. You have to select that during the installation,
or after the installation.

Further to this, I’d be completely unsurprised is fully 99.9% of Linux users consider an SSH client essential. Which is why it’s installed by default.

It’s worth bearing in mind that while Linux is becoming more and more useful to Windows users, Linux is not Windows.

J


--
John Dow <jmd@nelefa.org>
http://www.nelefa.org
PVC:APKTIDQ4881ao2SFS0DZLOe7t6V0UwcuUV4x3dnkJR0TZsYX0usQ



--Apple-Mail=_2C5B5255-0856-4C37-8A04-4113964D76B9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><br><div><blockquote type="cite"><div>On 30 Jul 2025, at 13:57, Greg
Wooledge &lt;greg@wooledge.org&gt; wrote:</div><br class="Apple-interchange-newline"><div><div>On Wed, Jul 30, 2025 at 14:30:56 +0200, Oleg Goncharov wrote:<br><blockquote type="cite">One of the things that surprised me is that Debian ships with
components<br>like ssh and related services (such as sslh) by default,<br></blockquote><br>Huh? &nbsp;What are you talking about?<br><br>An ssh server is *not* installed by default, and I don't even know<br>what "sslh" is.<br><br><blockquote type="cite">
wh

On Wed, 30 Jul 2025 17:28:05 +0200
Detlef Vollmann <dv@vollmann.ch> wrote:

On 7/30/25 15:18, John Dow wrote:

Further to this, I’d be completely unsurprised is fully 99.9% of
Linux users consider an SSH client essential. Which is why it’s
installed by default.

It’s worth bearing in mind that while Linux is becoming more and
more useful to Windows users, Linux is not Windows.

Just as a data point: Windows ships these days with an SSH client as
well...

I don't believe the OP sees the client as an issue. It is not a daemon,
it can simply be ignored, and it is not a security risk. I always
install the Telnet client, for quick and dirty troubleshooting, but
rarely use it.

Presumably the OP installed without using the Expert mode, as a
beginner might, and was not offered the choice of installing sshd. I
don't know, I made the mistake of using the non-Expert installer once,
and ended up with no networking, and I've never used it since.

Certainly the Expert mode offers the choice of sshd or not. Again I
don't recall, but I think if the task 'ssh server' is selected, it
is enabled by default and must use the normal account passwords for
security, as there is no other method enabled. It might be possible to
improve on this, without making remote installation impossible.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On Wed, Jul 30, 2025 at 06:04:13PM +0100, Joe wrote:

I was going to add that the default sshd installation does leave it
open to brute-force password attacks.

sshd is not installed by default though.

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 30 Jul 2025 18:00:21 +0100
Joe <joe@jretrading.com> wrote:

On Wed, 30 Jul 2025 17:28:05 +0200
Detlef Vollmann <dv@vollmann.ch> wrote:

On 7/30/25 15:18, John Dow wrote:

Further to this, I’d be completely unsurprised is fully 99.9% of
Linux users consider an SSH client essential. Which is why it’s installed by default.

It’s worth bearing in mind that while Linux is becoming more and
more useful to Windows users, Linux is not Windows.

Just as a data point: Windows ships these days with an SSH client as well...

I don't believe the OP sees the client as an issue. It is not a
daemon, it can simply be ignored, and it is not a security risk. I
always install the Telnet client, for quick and dirty
troubleshooting, but rarely use it.

Presumably the OP installed without using the Expert mode, as a
beginner might, and was not offered the choice of installing sshd. I
don't know, I made the mistake of using the non-Expert installer once,
and ended up with no networking, and I've never used it since.

Certainly the Expert mode offers the choice of sshd or not. Again I
don't recall, but I think if the task 'ssh server' is selected, it
is enabled by default and must use the normal account passwords for
security, as there is no other method enabled. It might be possible to improve on this, without making remote installation impossible.

Sorry, sent accidentally, I was going to add that the default sshd
installation does leave it open to brute-force password attacks.

--
Joe

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 30 Jul 2025 17:39:35 +0000
Andy Smith <andy@strugglers.net> wrote:

Hi,

On Wed, Jul 30, 2025 at 06:04:13PM +0100, Joe wrote:

I was going to add that the default sshd installation does leave it
open to brute-force password attacks.

sshd is not installed by default though.

It would seem to have been installed by the OP, wittingly or otherwise.
I suspect, coming from Windows, he will not know the necessity of
removing password authentication, and nor would most new users. He
acknowledges that it is a security risk.

--
Joe

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 2025-07-30 at 18:00 +0100, Joe wrote:

I always install the Telnet client, for quick and dirty
troubleshooting, but rarely use it.

You should not (ab)use a telnet client for anything but to connect to
something that implements the telnet protocol (which is rare these
days).

If you want to troubleshoot other protocols using a generic, protocol-
neutral connection, you should use a tool like netcat/nc (which has
several implementations included in Debian) or socat (which has more
features, but can also be used for this purpose), or similar.


--
Jan Claeys

(please don't CC me when replying to the list)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)