Hi Scott, On Fri, 2010-11-19 at 13:18 -0500, Scott Kitterman wrote: > On Friday, November 19, 2010 12:02:33 pm Dustin Kirkland wrote: > > Confirmed this on RHEL6 yesterday. I installed RHEL6 in multiple > > different modes (minimal, default, developer workstation), all of > > which a) were running sshd, b) had a root user with a password. > > Yes, but RHEL6 doesn't dhcp by default and Ubuntu Server does so the attack > surface for a default RHEL6 install is rather more limited.
To be honest, there is no difference in installing RHEL6 with a static ip address or Ubuntu Server with DHCP enabled. I think we need to find out first, what user base we want to point at. The SysAdmin of a Company with Enterprise Classed Datacenter or the guy/gal from around the corner who is testing ubuntu server? The SysAdmin will have network security in place (if not..oh well), and mostly is he/she not using public IP addresses, and/or they setup their DHCPd to match the MACs of the NICs inside their servers. I am now wondering if we really should change something. As long as I'm thinking about the topic, I'm coming to my conclusion, that we just should tick sshd by default during tasksel in the installer, and that's it. For most of the admins out there, it really doesn't matter, because they have other ways to deploy ubuntu server on their servers. Regards, \sh -- Stephan '\sh' Hermann SysAdmin / Ubuntu Developer xmpp: [email protected] -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
