{"id":31884,"date":"2021-03-15T16:24:07","date_gmt":"2021-03-15T20:24:07","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=31884"},"modified":"2023-10-25T09:34:11","modified_gmt":"2023-10-25T13:34:11","slug":"mac-software-updates-open-up-sshd","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/03\/15\/mac-software-updates-open-up-sshd\/","title":{"rendered":"Mac Software Updates Open Up sshd"},"content":{"rendered":"

Rachel Kroll<\/a> (Hacker News<\/a>):<\/p>\n

A couple of weeks ago, I read a\npost<\/a>\nabout how the “sealed system” on Big Sur was hurting people. I kind of \nskimmed through it and figured it was mostly complaining about the \nsize of the download. For whatever reason, that hadn’t been a problem \nfor me and my machines, so I kind of wrote it off.<\/p>

Last night, I applied the latest security patches to arrive at Big Sur version 11.2.3, and realized that I should have paid more attention to that thing. It explained something that I had been noticing for a while: my Apache config would keep reverting.<\/p>

[…]<\/p>

Why would it matter if the sshd config got reverted? Simple: it’s because the stock Mac sshd install includes password-based auth, and that means someone can brute-force their way onto your machine if they can connect to it on port 22 for long enough.<\/p><\/blockquote>\n\n

I don’t understand how this would be caused by the SSV, and there’s a report that it’s actually been happening since Catalina<\/a>. Big Sur updates are also removing the command-line developer tools<\/a>, although this is also not due to the SSV, as far as I know.<\/p>\n\n

Previously:<\/p>\n