Summarizing yesterday's discussion with the Security Team:
- we would like password auth disabled by default on installation of
openssh-server via the server image, just as via the cloud image
- the admin can set up password auth post-install
- (optional) this can be a debconf question, so that the admin can pre-seed
enabling of password auth at install time.
- with the above requirements met, the Security Team is ok with having
openssh-server installed by default, and listening on port 22, on a server
install as well as on a cloud image.
- no requirements were expressed on the behavior of openssh-server if manually
installed by the admin post installation.
- (optional) ideally, the openssh-server systemd units would be adjusted for
lazy socket-based activation, so that this is not an additional server process
running (and taking up swap space / process table space) until asked for.
Opening a task on the openssh package.
** Also affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1576353
Title:
install openssh-server by default, prompt for enabling it on server
iso install
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-cdimage/+bug/1576353/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
