SSH and the Ubuntu Server

Stephan Hermann sh at sourcecode.de
Fri Nov 19 09:22:48 GMT 2010 

Moins,

On Thu, 2010-11-18 at 12:24 -0500, Luke Faraone wrote:
> On 11/18/2010 12:04 PM, Dustin Kirkland wrote:
> > On Thu, Nov 18, 2010 at 9:30 AM, Colin Watson <cjwatson at ubuntu.com> wrote:
> >> No, it's not.  In Maverick it was arguably buried.  In Natty, it is the
> >> very top entry on the tasksel menu, and the cursor rests on it when you
> >> reach that screen.
> > [snip]
> >
> > I would gladly revise this proposal to simply:
> >  * Automatically 'tick' OpenSSH Server by default on the Server Tasksel screen
> > 
> > Which would also sit there and wait for the user to consciously affirm
> > their selection, and would avoid the countless server installations
> > where people forget to install SSH and must make their way back to a
> > console on their newly installed system and add the openssh-server
> > package.
> 
> As many people have mentioned, this will cause a surprise for users who
> click through the install dialogs expecting things to not change since
> they last used it.

Sorry, but this is something which strucks me, really. When we don't
change things over time, we will never  have a better user experience.
When we change something it needs to be documented in a public place
where everyone interested can read it first hand.

> 
> Also, since this occurs late in the install process, no dialogs to
> prompt the user to harden their password can be offered, as others have
> suggested.

Oh well, we can change that inside the installer as well. Not prompting
for a user choice, but choosing a hardened password automatically and
showing it to the user
mkpasswd --chars=20 --crypt-md5 or whatever should be enough. that's
only a technical problem easily to solve.


> You say there are "countless" installations. I don't think anybody
> expects SSH to be automatically installed in a new server; it's a
> service that should be enabled carefully after consideration of your
> network environment and security needs. I feel that the potential for
> harm of accidental installation exceeds the increase in convenience from
> not having to explicitly select the task.

I think we have more installations of RHEL or SLES in the enterprise
server market, and they do have sshd enabled by default.
Even when you install an VMWare ESX host, ssh is enabled by default,
without the questionable root access. 

Regards,

\sh
-- 
Stephan '\sh' Hermann
SysAdmin / Ubuntu Developer
xmpp: sh at sourcecode.de

More information about the ubuntu-devel mailing list