SSH and the Ubuntu Server

Ubuntu ssmoser at gmail.com
Fri Nov 19 00:41:56 GMT 2010



On Nov 18, 2010, at 10:49 AM, Marc Deslauriers <marc.deslauriers at canonical.com> wrote:

> Hello,
> 
>>> 
>>> Please consider that the very definition of a "server" implies that
>>> the system is running a "service".  Moreover, our official Ubuntu
>>> Server images as published for the Amazon EC2 cloud are, in fact,
>>> running SSH by default listening on port 22 on the unrestricted
>>> Internet (the 'ubuntu' has no password), and the Ubuntu Enterprise
>>> Cloud installation by the very same ISO installs SSH on every
>>> UEC system deployed.  This is not unprecedented.
> 
> As far as I recall, EC2 opens the ssh port from your ip address only,
> and authenticates using certificates and not passwords.
> 

The default EC2 security group firewalls the machine completely. The user takes explicit action to open port 22 (euca-authorize). The same is true for UEC.

> Actually, now that you mention it, we should probably disable SSH
> password authentication by default in the EC2 images...

Instances of the official images have exactly zero users that have a password set. Password auth is allowed, but useless until the user sets a password.

On boot, the public key specified at launch is pulled from the metadata service and inserted into the 'ubuntu' user's authorized keys.

The corresponding private key is the only way in.
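
The distinction drawn in the reply above (password authentication enabled in sshd, but no account with a usable password), as an added example that is not part of the original message: a Python check run over constructed shadow(5) and sshd_config samples. It reads only the global section of sshd_config and does not model PAM or keyboard-interactive authentication; the function names and sample data are assumptions.

```python
import re

def shadow_states(shadow_text):
    """Map each account in shadow(5)-format text to 'locked', 'empty' or 'set'."""
    states = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        name, pw = fields[0], fields[1]
        if pw == "":
            states[name] = "empty"      # no password required at all
        elif pw[0] in "!*":
            states[name] = "locked"     # not a valid crypt(3) result
        else:
            states[name] = "set"        # usable password hash
    return states

def sshd_global_option(config_text, keyword, default):
    """Return the first global value of keyword (sshd keeps the first one it reads)."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":  # conditional blocks are out of scope here
            break
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].split()[0].lower()
    return default

def password_reachable(shadow_text, config_text):
    """Accounts that could actually log in over SSH with a password."""
    if sshd_global_option(config_text, "PasswordAuthentication", "yes") != "yes":
        return []
    allow_empty = sshd_global_option(config_text, "PermitEmptyPasswords", "no") == "yes"
    return sorted(user for user, state in shadow_states(shadow_text).items()
                  if state == "set" or (state == "empty" and allow_empty))

# Constructed samples: a freshly launched instance, and the same after `passwd ubuntu`.
FRESH_SHADOW = "root:*:14900:0:99999:7:::\nubuntu:!:14900:0:99999:7:::\n"
AFTER_PASSWD = ("root:*:14900:0:99999:7:::\n"
                "ubuntu:$6$constructedsalt$constructedhash:14900:0:99999:7:::\n")
CONFIG_DEFAULT = "Port 22\n#PasswordAuthentication yes\n"
CONFIG_HARDENED = "Port 22\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for label, shadow, cfg in [("fresh/default", FRESH_SHADOW, CONFIG_DEFAULT),
                               ("passwd set/default", AFTER_PASSWD, CONFIG_DEFAULT),
                               ("passwd set/hardened", AFTER_PASSWD, CONFIG_HARDENED)]:
        print(label, "->", password_reachable(shadow, cfg) or "no password logins")
```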