I have done a fresh installation of etch RC2 release, in order
to set up a server for home use one a x86 box which I
constantly try out different distributions.

I have selected a few tasks in addition to default selection
such as file server, etc. during the installation.
The / partition is a fresh start, while /home is reusing
the data partition I always use.
After installation most of things seems to be ok and
etch is up and running.

However I found a little problem. Since it is a server, I
try to connect from another box with SSH and it was
refused. I found out the problem was that the SSH server
was not installed. Only openssh client was installed,
not the server. I have to manually apt-get the openssh server
and install it.

My question is if this is a feature or bug?
I have done numerous installations of different distributions
including sarge and woody. I did not remember once I have
to install ssh server manually after a standard installation,
or my memory betrays me?

Anyway, it is quite inconvenient. There is nowhere a message
telling me to install the openssh-server when encountering such
problem. One could in guess many ways with the refusal for connection,
such as firewall blocking. And connecting to a server or even
a desktop client with remote login should be a very basic requirement.

Tim Yang


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 29, 2007 at 10:46:25AM +0800, Tim Yang wrote:
> I have done a fresh installation of etch RC2 release, in order
> to set up a server for home use one a x86 box which I
> constantly try out different distributions.
>
> I have selected a few tasks in addition to default selection
> such as file server, etc. during the installation.
> The / partition is a fresh start, while /home is reusing
> the data partition I always use.
> After installation most of things seems to be ok and
> etch is up and running.
>
> However I found a little problem. Since it is a server, I
> try to connect from another box with SSH and it was
> refused. I found out the problem was that the SSH server
> was not installed. Only openssh client was installed,
> not the server. I have to manually apt-get the openssh server
> and install it.
>
> My question is if this is a feature or bug?
> I have done numerous installations of different distributions
> including sarge and woody. I did not remember once I have
> to install ssh server manually after a standard installation,
> or my memory betrays me?
>
> Anyway, it is quite inconvenient. There is nowhere a message
> telling me to install the openssh-server when encountering such
> problem. One could in guess many ways with the refusal for connection,
> such as firewall blocking. And connecting to a server or even
> a desktop client with remote login should be a very basic requirement.
>
> Tim Yang
Debian's philosophy is something like this: provide what's minimal,
dont step on customized configs, packages should be configured for the
most common use-case after being installed, provide stable software,
allow in-place upgrades. So its a feature. You are welcomed to ask the
openssh server maintainer why it is not there, that would provide an
answer. Debian developers go throught discussions about these kinds of
issue and it may be found in a thread on debian-devel or a list related
to ssh on lists.debian.org.
- --
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to Debian! |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGCzowv8UcC1qRZVMRAiqLAKCSBG/80sYAPhdopvs5qLBLDXuxmACfSKlX
nBK9TclDwFIjxBK1YpKhEj0=
=bsrj
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Tim Yang:
>
> However I found a little problem. Since it is a server, I
> try to connect from another box with SSH and it was
> refused. I found out the problem was that the SSH server
> was not installed. Only openssh client was installed,
> not the server. I have to manually apt-get the openssh server
> and install it.
>
> My question is if this is a feature or bug?

It depends on who you ask, probably. What's new in etch (and
definitely a feature) ist that openssh has been split into a -client and
-server package. This is a good thing since a lot of desktop users don't
need an SSH server on their machines. And I guess that's the reason for
openssh-server not being installed by default. But I agree that one
could still argue, that a task like "fileserver" is mostly used on
machines where an SSH server is most probably a good thing. On the other
hand, if "fileserver" depended on oppenssh-server, that might be
surprising, too.

This might be a candidate for the release notes. At first glance, I
couldn't find any information concerning openssh packaging changes in
the draft.

J.
--
In an ideal world I would cure poverty and go to the gym at least three
days a week.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGC3e3+AfZydWK2zkRAs4hAKCaBPromxytJmfRDSVuA3 06M4bloACgr6FJ
2V6uyBwfmgqE04Jc3rwOqR0=
=K6DP
-----END PGP SIGNATURE-----

On Thu, Mar 29, 2007 at 10:46:25AM +0800, Tim Yang wrote:
>
> However I found a little problem. Since it is a server, I
> try to connect from another box with SSH and it was
> refused. I found out the problem was that the SSH server
> was not installed. Only openssh client was installed,
> not the server. I have to manually apt-get the openssh server
> and install it.
>
> My question is if this is a feature or bug?
>

It is neither, it is just how Debian does things. Most users don't
need an SSH server installed, and that only opens up their computers
to outside attacks (Now I wonder why other distros even had it
installed), which is the most probable reason why it was removed.

I mean, how many people use SSH servers on a daily basis (I bet loads
do, but I'd assume most don't). And how many people actually run a
server on their local computer (Besides Apache, which I'm sure almost
everybody runs). Putting an SSH server into a new installation without
an iptables configuration is really begging to be attacked.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

One thing I could not straight out is which task can
actually install the openssh server? If the openssh server
can not be installed by standard task selection,
then this could be listed as a bug, since it would
be difficult for people who actually need this service
to find out what to do.
I did some searching before finding out what to do.
First I have to know there is something called
openssh server. I tried sshd and did not find the
package. Search with simply ssh revealed this
arrangement.

Tim Yang

2007/3/29, Jochen Schulz <ml@well-adjusted.de>:
> Tim Yang:
> >
> > However I found a little problem. Since it is a server, I
> > try to connect from another box with SSH and it was
> > refused. I found out the problem was that the SSH server
> > was not installed. Only openssh client was installed,
> > not the server. I have to manually apt-get the openssh server
> > and install it.
> >
> > My question is if this is a feature or bug?
>
> It depends on who you ask, probably. What's new in etch (and
> definitely a feature) ist that openssh has been split into a -client and
> -server package. This is a good thing since a lot of desktop users don't
> need an SSH server on their machines. And I guess that's the reason for
> openssh-server not being installed by default. But I agree that one
> could still argue, that a task like "fileserver" is mostly used on
> machines where an SSH server is most probably a good thing. On the other
> hand, if "fileserver" depended on oppenssh-server, that might be
> surprising, too.
>
> This might be a candidate for the release notes. At first glance, I
> couldn't find any information concerning openssh packaging changes in
> the draft.
>
> J.
> --
> In an ideal world I would cure poverty and go to the gym at least three
> days a week.
> [Agree] [Disagree]
> <http://www.slowlydownward.com/NODATA/data_enter2.html>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGC3e3+AfZydWK2zkRAs4hAKCaBPromxytJmfRDSVuA3 06M4bloACgr6FJ
> 2V6uyBwfmgqE04Jc3rwOqR0=
> =K6DP
> -----END PGP SIGNATURE-----
>
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

I agree it could be good for secuirity, but it was
not implemented before.
Every distribution I used such as Fedora, SUSE,
and even sarge installed ssh server
by default and people using the service never have
to think about how to do when the service vanished.
Now it is changed so there might be some consequences
needing attention.

Tim Yang

2007/3/29, Michael Pobega <pobega@gmail.com>:
> On Thu, Mar 29, 2007 at 10:46:25AM +0800, Tim Yang wrote:
> >
> > However I found a little problem. Since it is a server, I
> > try to connect from another box with SSH and it was
> > refused. I found out the problem was that the SSH server
> > was not installed. Only openssh client was installed,
> > not the server. I have to manually apt-get the openssh server
> > and install it.
> >
> > My question is if this is a feature or bug?
> >
>
> It is neither, it is just how Debian does things. Most users don't
> need an SSH server installed, and that only opens up their computers
> to outside attacks (Now I wonder why other distros even had it
> installed), which is the most probable reason why it was removed.
>
> I mean, how many people use SSH servers on a daily basis (I bet loads
> do, but I'd assume most don't). And how many people actually run a
> server on their local computer (Besides Apache, which I'm sure almost
> everybody runs). Putting an SSH server into a new installation without
> an iptables configuration is really begging to be attacked.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, Mar 29, 2007 at 07:14:02PM +0800, Tim Yang wrote:
> I agree it could be good for secuirity, but it was
> not implemented before.
> Every distribution I used such as Fedora, SUSE,
> and even sarge installed ssh server
> by default and people using the service never have
> to think about how to do when the service vanished.
> Now it is changed so there might be some consequences
> needing attention.
>
> Tim Yang
>

Well it's easy to install it anyway. Takes 10 seconds.

pobega@ackbar /home/pobegA
> aptitute search ssh | grep server
p openssh-server - Secure shell server
v ssh-server


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Pobega wrote:
> On Thu, Mar 29, 2007 at 07:14:02PM +0800, Tim Yang wrote:
>> I agree it could be good for secuirity, but it was
>> not implemented before.
>> Every distribution I used such as Fedora, SUSE,
>> and even sarge installed ssh server
>> by default and people using the service never have
>> to think about how to do when the service vanished.
>> Now it is changed so there might be some consequences
>> needing attention.
>>
>> Tim Yang
>>
>
> Well it's easy to install it anyway. Takes 10 seconds.
>
> pobega@ackbar /home/pobegA
>> aptitute search ssh | grep server
> p openssh-server - Secure shell server
> v ssh-server
>
>

slight spelling mistake there. You mean aptitude.

apt-cache search server yields a bit more, actually far too much to list
here and still have a readable message but even grepping it yields more
than that:

joe@lr32:~$ apt-cache search server | grep ssh
aolserver4-nssha1 - AOLserver4 module: performs SHA1 hashes
denyhosts - an utility to sys admins thwart ssh hackers
jta - Java telnet/ssh applet
libganymed-ssh2-java - pure Java implementation of the SSH-2 protocol
openssh-server - Secure shell server, an rshd replacement
scanssh - get SSH server versions for an entire network
ssh - Secure shell client and server (transitional package)
ssh-krb5 - Secure shell client and server (transitional package)
sshfs - filesystem client based on SSH File Transfer Protocol
sshm - A command-line tool to manage your ssh servers

Needless to say, it isn't hard to find, but one needs to know to look
for it. I agree that it shouldn't be installed by default, and people
who try to ssh to the machine will figure out quickly that there is no
ssh server present, and can easily remedy the situation, but the
administrator must have some knowledge of how to search for package.

I suppose one should have some idea how to network administration before
setting up a network server in the first place, and it does to read
the documentation.

Joe

- --
Registerd Linux user #443289 at http://counter.li.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGC7JJiXBCVWpc5J4RArK3AJ0b7hBN2YKmbrF2Q4CFk2 x6t1mTWwCgjNeN
N5sV/oxO1Sn+Aj4M6VzEtWI=
=lEZ6
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, 29 Mar 2007 07:07:21 -0400
Michael Pobega <pobega@gmail.com> wrote:

[snip]

> I mean, how many people use SSH servers on a daily basis (I bet loads
> do, but I'd assume most don't). And how many people actually run a
> server on their local computer (Besides Apache, which I'm sure almost
> everybody runs). Putting an SSH server into a new installation without

I doubt this. I don't generally run a web server, and if / when I do,
it's thttpd or lighttpd.

Celejar


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, Mar 29, 2007 at 02:34:17PM +0200, Joe Hart wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael Pobega wrote:
> > On Thu, Mar 29, 2007 at 07:14:02PM +0800, Tim Yang wrote:
> >> I agree it could be good for secuirity, but it was
> >> not implemented before.
> >> Every distribution I used such as Fedora, SUSE,
> >> and even sarge installed ssh server
> >> by default and people using the service never have
> >> to think about how to do when the service vanished.
> >> Now it is changed so there might be some consequences
> >> needing attention.
> >>
> >> Tim Yang
> >>
> >
> > Well it's easy to install it anyway. Takes 10 seconds.
> >
> > pobega@ackbar /home/pobegA
> >> aptitute search ssh | grep server
> > p openssh-server - Secure shell server
> > v ssh-server
> >
> >
>
> slight spelling mistake there. You mean aptitude.
>
> apt-cache search server yields a bit more, actually far too much to list
> here and still have a readable message but even grepping it yields more
> than that:
>
> joe@lr32:~$ apt-cache search server | grep ssh
> aolserver4-nssha1 - AOLserver4 module: performs SHA1 hashes
> denyhosts - an utility to sys admins thwart ssh hackers
> jta - Java telnet/ssh applet
> libganymed-ssh2-java - pure Java implementation of the SSH-2 protocol
> openssh-server - Secure shell server, an rshd replacement
> scanssh - get SSH server versions for an entire network
> ssh - Secure shell client and server (transitional package)
> ssh-krb5 - Secure shell client and server (transitional package)
> sshfs - filesystem client based on SSH File Transfer Protocol
> sshm - A command-line tool to manage your ssh servers
>
> Needless to say, it isn't hard to find, but one needs to know to look
> for it. I agree that it shouldn't be installed by default, and people
> who try to ssh to the machine will figure out quickly that there is no
> ssh server present, and can easily remedy the situation, but the
> administrator must have some knowledge of how to search for package.
>
> I suppose one should have some idea how to network administration before
> setting up a network server in the first place, and it does to read
> the documentation.
>
> Joe

I disagree about people who don't know what they are doing. I like
Debian for many reasons. An important reason is that I can try to do
things that I don't know how to do, and learn. Sometimes when I try, I
also complain when my ignorance leads me to believe that something in
Debian should different. Sometimes, I have to argue a bit before I
realize the error of my argument.

Tim should realize that installing ssh server without proper
configuration is not something that any distribution should ever
do. The Debian alternative is, perhaps, more difficult than he would like,
but I expect he will learn to live with an alternative.

Whether the current Debian alternative is the best, is a reasonable
topic of discussion. I can't contribute to that discussion. But I have
confidence that whatever changes are made, they will not be the result
of unthinking copying of the way some other distribution deals with the
issue.

Again, thanks to all the people on this list who have treated me politely
when I have made similar complaints.
--
Paul E Condon
pecondon@mesanetworks.net


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul E Condon wrote:
[snip]
>> I suppose one should have some idea how to network administration before
>> setting up a network server in the first place, and it does to read
>> the documentation.
>>
>> Joe
>
> I disagree about people who don't know what they are doing. I like
> Debian for many reasons. An important reason is that I can try to do
> things that I don't know how to do, and learn. Sometimes when I try, I
> also complain when my ignorance leads me to believe that something in
> Debian should different. Sometimes, I have to argue a bit before I
> realize the error of my argument.

Point taken. That is a valid reason. That is the same reason I
switched from Kubuntu to Debian in the first place. To learn how and
what the system was doing and disagreeing with the fact that things
should be made simpler to make them more user friendly, and hide
functionality in the process.

> Tim should realize that installing ssh server without proper
> configuration is not something that any distribution should ever
> do. The Debian alternative is, perhaps, more difficult than he would like,
> but I expect he will learn to live with an alternative.

Fully agree here.

> Whether the current Debian alternative is the best, is a reasonable
> topic of discussion. I can't contribute to that discussion. But I have
> confidence that whatever changes are made, they will not be the result
> of unthinking copying of the way some other distribution deals with the
> issue.

I don't know about that, but we can hope. At least here it is democratic.

> Again, thanks to all the people on this list who have treated me politely
> when I have made similar complaints.

I second that.

Joe
- --
Registerd Linux user #443289 at http://counter.li.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGC+48iXBCVWpc5J4RApORAKCM1i31sefW8bEtyYmS/22j2sSAEwCffNuQ
1SoOES6XGs/5R6SjbQ/m1xM=
=ZWfh
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Thu, Mar 29, 2007 at 02:34:17PM +0200, Joe Hart wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael Pobega wrote:
> > On Thu, Mar 29, 2007 at 07:14:02PM +0800, Tim Yang wrote:
> >> I agree it could be good for secuirity, but it was
> >> not implemented before.
> >> Every distribution I used such as Fedora, SUSE,
> >> and even sarge installed ssh server
> >> by default and people using the service never have
> >> to think about how to do when the service vanished.
> >> Now it is changed so there might be some consequences
> >> needing attention.
> >>
> >> Tim Yang
> >>
> >
> > Well it's easy to install it anyway. Takes 10 seconds.
> >
> > pobega@ackbar /home/pobegA
> >> aptitute search ssh | grep server
> > p openssh-server - Secure shell server
> > v ssh-server
> >
> >
>
> slight spelling mistake there. You mean aptitude.
>
> apt-cache search server yields a bit more, actually far too much to list
> here and still have a readable message but even grepping it yields more
> than that:
>
> joe@lr32:~$ apt-cache search server | grep ssh
> aolserver4-nssha1 - AOLserver4 module: performs SHA1 hashes
> denyhosts - an utility to sys admins thwart ssh hackers
> jta - Java telnet/ssh applet
> libganymed-ssh2-java - pure Java implementation of the SSH-2 protocol
> openssh-server - Secure shell server, an rshd replacement
> scanssh - get SSH server versions for an entire network
> ssh - Secure shell client and server (transitional package)
> ssh-krb5 - Secure shell client and server (transitional package)
> sshfs - filesystem client based on SSH File Transfer Protocol
> sshm - A command-line tool to manage your ssh servers
>
> Needless to say, it isn't hard to find, but one needs to know to look
> for it. I agree that it shouldn't be installed by default, and people
> who try to ssh to the machine will figure out quickly that there is no
> ssh server present, and can easily remedy the situation, but the
> administrator must have some knowledge of how to search for package.
>
> I suppose one should have some idea how to network administration before
> setting up a network server in the first place, and it does to read
> the documentation.
>
> Joe
>

Yes yes, I am using TCSH as a shell so it automatically corrected me
and I didn't notice it.

And I cut down the results because there was no need to show /all/ of
the packages, but yeah, the overall point is still proven. It isn't
hard at all to install it, just a quick apt-get away.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org