Sorry if anyone gets dupes of the message below. I sent from a phone, and it's sitting (I think) in moderator limbo.
On Nov 18, 2010, at 10:49 AM, Marc Deslauriers <[email protected]> wrote:
> Hello,
>
>>>
>>> Please consider that the very definition of a "server" implies that
>>> the system is running a "service". Moreover, our official Ubuntu
>>> Server images as published for the Amazon EC2 cloud are, in fact,
>>> running SSH by default listening on port 22 on the unrestricted
>>> Internet (the 'ubuntu' has no password), and the Ubuntu Enterprise
>>> Cloud installation by the very same ISO installs SSH on every
>>> UEC system deployed. This is not unprecedented.
>
> As far as I recall, EC2 opens the ssh port from your ip address only,
> and authenticates using certificates and not passwords.
>

The default EC2 security group firewalls the machine completely. The user takes explicit action to open port 22 (euca-authorize). The same is true for UEC.

> Actually, now that you mention it, we should probably disable SSH
> password authentication by default in the EC2 images...

Instances of the official images have exactly zero users that have a password set. Password auth is allowed, but useless until the user sets a password.

On boot, the public key specified at launch is pulled from the metadata service and inserted into the 'ubuntu' user's authorized keys. The corresponding private key is the only way in.
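The state described in the message above (password authentication enabled in sshd, but no account with a usable password) can be checked from the shadow file and sshd_config. The following is an added example, not part of the original message or of the Ubuntu images; the sample file contents are constructed, and the check looks only at global sshd_config options (it stops at the first Match block and does not consider PAM or keyboard-interactive authentication).

```python
# Added example: can any account actually log in over SSH with a password?
# Both samples are constructed for illustration, not copied from a real image.
SAMPLE_SHADOW = """\
root:*:14900:0:99999:7:::
ubuntu:!:14900:0:99999:7:::
"""
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config fragment
PasswordAuthentication yes
PermitEmptyPasswords no
"""

def sshd_option(config_text, keyword, default):
    """Global value of an sshd_config keyword; the first occurrence wins."""
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if not parts:
            continue                      # blank line or comment
        if parts[0].lower() == "match":   # conditional blocks are out of scope
            break
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip().lower()
    return default

def classify_shadow(shadow_text):
    """Map each account to 'locked', 'empty' or 'password'."""
    states = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        name, pw = fields[0], fields[1]
        if pw == "":
            states[name] = "empty"        # no password required at all
        elif pw[0] in "!*":
            states[name] = "locked"       # no password will ever match
        else:
            states[name] = "password"     # a real hash is set
    return states

def password_login_accounts(shadow_text, config_text):
    """Accounts that sshd would accept with a password (or an empty one)."""
    if sshd_option(config_text, "PasswordAuthentication", "yes") != "yes":
        return []
    empty_ok = sshd_option(config_text, "PermitEmptyPasswords", "no") == "yes"
    states = classify_shadow(shadow_text)
    return sorted(n for n, s in states.items()
                  if s == "password" or (s == "empty" and empty_ok))

if __name__ == "__main__":
    print(password_login_accounts(SAMPLE_SHADOW, SAMPLE_SSHD_CONFIG))
```

On a live system the same functions can be fed the contents of /etc/shadow and /etc/ssh/sshd_config, read as root.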
