Stephan Hermann <[email protected]> wrote: > Hi Scott, > > On Fri, 2010-11-19 at 13:18 -0500, Scott Kitterman wrote: >> On Friday, November 19, 2010 12:02:33 pm Dustin Kirkland wrote: >> > Confirmed this on RHEL6 yesterday. I installed RHEL6 in multiple >> > different modes (minimal, default, developer workstation), all of >> > which a) were running sshd, b) had a root user with a password. >> >> Yes, but RHEL6 doesn't dhcp by default and Ubuntu Server does so the attack >> surface for a default RHEL6 install is rather more limited. > > To be honest, there is no difference in installing RHEL6 with a static > ip address or Ubuntu Server with DHCP enabled. > > I think we need to find out first, what user base we want to point at. > > The SysAdmin of a Company with Enterprise Classed Datacenter > or the guy/gal from around the corner who is testing ubuntu server? > > The SysAdmin will have network security in place (if not..oh well), and > mostly is he/she not using public IP addresses, and/or they setup their > DHCPd to match the MACs of the NICs inside their servers. > > I am now wondering if we really should change something. As long as I'm > thinking about the topic, I'm coming to my conclusion, that we just > should tick sshd by default during tasksel in the installer, and that's > it. For most of the admins out there, it really doesn't matter, because > they have other ways to deploy ubuntu server on their servers.
I agree, Stephan. The installer complexity can be avoided by just ticking the "OpenSSH Server" in the top of the tasksel page as you suggest; document that change thoroughly and publish it far and wide; note the stronger sshd.conf configurations from Marc and the security team in the SSH help page. Unfortunately, I don't think we're reaching a consensus here on ubuntu-de...@. I'm going to redraft the proposal, note that there was no general consensus on the matter in the ubuntu-devel@ mailing list, and ask the Tech Board for guidance. Thanks everyone for the lively discussion. :-Dustin -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
