Comment 4 for bug 1576353
Revision history for this message
| Steve Langasek (vorlon) wrote Re: install openssh-server by default, prompt for enabling it on server iso install | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Summarizing yesterday's discussion with the Security Team:
- we would like password auth disabled by default on installation of openssh-server via the server image, just as via the cloud image
- the admin can set up password auth post-install
- (optional) this can be a debconf question, so that the admin can pre-seed enabling of password auth at install time.
- with the above requirements met, the Security Team is ok with having openssh-server installed by default, and listening on port 22, on a server install as well as on a cloud image.
- no requirements were expressed on the behavior of openssh-server if manually installed by the admin post installation.
- (optional) ideally, the openssh-server systemd units would be adjusted for lazy socket-based activation, so that this is not an additional server process running (and taking up swap space / process table space) until asked for.
Opening a task on the openssh package.