SSH and the Ubuntu Server

Scott Moser smoser at
Fri Nov 19 15:13:42 UTC 2010

Sorry if anyone gets dupes of the message below.
I sent from a phone, and its sitting (i think) in moderator limbo.

On Nov 18, 2010, at 10:49 AM, Marc Deslauriers <marc.deslauriers at> wrote:

> Hello,
>>> Please consider that the very definition of a "server" implies that
>>> the system is running a "service".  Moreover, our official Ubuntu
>>> Server images as published for the Amazon EC2 cloud are, in fact,
>>> running SSH by default listening on port 22 on the unrestricted
>>> Internet (the 'ubuntu' has no password), and the Ubuntu Enterprise
>>> Cloud installation by the very same ISO installs SSH on every every
>>> UEC system deployed.  This is not unprecedented.
> As far as I recall, EC2 opens the ssh port from your ip address only,
> and authenticates using certificates and not passwords.

the default EC2 security group firewalls the machine completely. The user
takes explicit action to open port 22 (euca-authorize). the same is true
for UEC.

> Actually, now that you mention it, we should probably disable SSH
> password authentication by default in the EC2 images...

Instances of the official images have exactly zero users that have a
password set. Password auth is allowed, but useless until the user sets a

on boot, the public key specified at launch is pulled from the metadata
service and inserted into the 'ubuntu' users authorized keys.

the corresponding private key is the only way in.

More information about the ubuntu-server mailing list