SSH and the Ubuntu Server

Robbie Williamson robbie at ubuntu.com
Thu Nov 18 16:07:45 GMT 2010 

On Wed, 2010-11-17 at 15:38 -0600, Dustin Kirkland wrote:
> This proposal requests that:
> 1) a new prompt be added to the Ubuntu Server installer

Having gone through the install of RHEL, SLES, CentOS, Debian, and
Ubuntu this past week, I don't think adding this is a big deal.  I our
install will still be one of the shortest (in terms of user required
actions).  With that said, I think we should definitely re-assess the
Server install experience, to determine if we are meeting the needs of
both the expert and novice Ubuntu Server user.

>  2) this prompt be dedicated to the boolean installation, or
> non-installation, of the SSH service, as an essential facet of a
> typical server

No problems here to me.

>  3) the cursor highlights the affirmative (yes, please install SSH),
> but awaits the user's conscious decision 

No problems here either, however I can see the uneasiness with
defaulting to "Yes", as the default install will now be vulnerable to
attack.  My question is this:  

        What are our obligations in terms of "protecting" users from
        themselves?  
        
We don't enable the firewall by default and other distros do...we prompt
installers to setup a non-root user account, while other distros let you
log right in as root...we enable the networking adapters by default,
while other distros don't.  My point is that I don't think there is a
right or wrong answer here...it's just opinion.  As far as the "No Open
Ports" policy, maybe it's time we re-evaluate it...maybe we make a
distinction between Ubuntu Desktop and Ubuntu Server...I dunno. Anyway,
that's my .02 on the topic.  I suspect we'll have to goto the TB on the
"Yes" or "No" portion anyway.

-Robbie

-- 
Robbie Williamson                                     robbie at ubuntu.com
Ubuntu                                         robbiew[irc.freenode.net]                               

"You can't be lucky all the time, but you can be smart everyday" 
 -Mos Def

"Arrogance is thinking you are better than everyone else, while
Confidence is knowing no one else is better than you." -Me ;)

More information about the ubuntu-devel mailing list