Or simply have a page asking the user whether or not to enable ssh? I can't recall off the top of my head, but I believe there is a screen where you ask if you want the firewall enabled, right? Why not have a very obvious checkbox: "[ ] Enable ssh at boot" and if the user checks it off, set the firewall to allow ssh and turn ssh on. If the user does _not_ check it off (aka they are sitting back and saying "what is this ssh thing they speak of?") then have the firewall block port 22 and chkconfig ssh off.

Isn't that only part of the solution? Why would we ever need to have PermitRootLogin to true? My memory is a little rusty but I'm pretty sure the install forces the creation of a user account.

I've never done a headless install so I know nothing about how that works. However, we shouldn't let a minority of installations compromise the security of the majority. As someone has already pointed out, can't they have a different spin to allow whatever they might need?

Are there any other services that are listening by default and allowed through the firewall? I believe there should be none of either. However, I have been called paranoid in the past. :)
---
Will