Selfhosted
That’s just good password security and reasonable.
See that qualifying word there? “Most”? That’s why they force SSH to be disabled and password changes. If you PERSONALLY can guarantee that no one will EVER put a freshly imaged RPi directly on the internet backed by a 10 million dollar/pound/euro guarantee per incident it still doesn’t matter; there’s still a need to change these defaults. I’ve seen the RPis deployed in a business environment and I 10000% know that vendors are fscking stupid and would leave default permissions enabled because they’re the lowest bidder.
It’s people like you why we have massive botnets due to default security measures being ignored by major manufacturers.
Good day sir.
Case in point: a number of years ago I knew a kid who was smart enough to flash Tomato on his router, enable SSH and even install a bunch of Entware packages. But he wasn't intelligent enough to change the SSH port from 22 or leave the remote access disabled.
Fast forward a month or two and his ISP tells him that they traced some pretty serious botnet shenanigans to his IP.
Just because someone is smart enough to use a device doesn't necessarily mean they're intelligent enough to use it safely.
Yes, that's my point, you don't need to disable it by default.
There are those things called licenses and liability waivers that are signed specially for those cases. The people doing deployments in a business environment should know how to change passwords / use SSH keys and whatnot; if they don't, that's not the Pi's problem.
By enabling people who shouldn't be configuring Pi boards in the first place, you're the one creating botnets. They might be saved by the fact that it doesn't have SSH enabled by default just to be hacked later on when they decide to run a `sudo wget ... | sh`.
Making things easier has this downside: you protect people so much, they don't ever learn, and then when things go bad they can't handle it and the damage is way, way worse.
Now you’re just a troll arguing in bad faith.
I SAID GOOD DAY SIR!