On Fri, Sep 28, 2012 at 5:22 PM, William "Chops" Westfield wrote:
> [...] Pown'd [...]
>

My goodness, Mr. Westfield! You are a grown man!

----

If you guys think security in this case is paramount, you're forgetting that it's no more secure having a normal account and exposing it via SSH. As long as there's a default set of passwords and ssh is enabled at all, the device is equally vulnerable. Disabling root SSH login while leaving it enabled for normal users is just an illusion of security.

Given the context here,

- A significant number of people (if not the majority) still use monitors/keyboards/technology that is not modern (that is, not HDMI, USB, etc.), but pretty much everyone uses 10/100/1000 type Ethernet. For example, a large number of schools in India still use VGA monitors and PS/2 keyboards and mice, but use Ethernet that can plug into the board.
- It is an embedded development board, not a public server.
- Initial usage is on a local (trusted) network. Those who want to expose it to a public network are already aware of their purpose and that they should ensure security.

It is probably not an unreasonable thing to do to enable initial SSH login somehow so as not to force people to waste time modifying their image.

But you're all right that on PRINCIPLE, it is correct to leave sshd disabled for all accounts by default, not just the root. In this case, Arch Linux did it right by disabling ALL remote access. Only the person with physical access is able to log in.

A better way is to auto-configure root password on initial boot to something random and flash the LEDs to display the password. That way, the person who physically owns the device can log in with a password that only he knows (by looking at the status LEDs).

In either case, there should be a way to log in through the network somehow.
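
The first-boot idea from the post's last paragraphs, sketched as an added example (not code from the post or from any distribution): a random root password is generated, set with `chpasswd`, and blinked on a status LED. The LED sysfs path, the 12-digit length and the pulse timings are assumptions.

```python
"""First-boot sketch: random root password, shown by blinking a status LED."""
import secrets
import subprocess
import time

# Assumption: the LED name is board-specific; replace the placeholder.
LED_BRIGHTNESS = "/sys/class/leds/<led-name>/brightness"
DIGITS = 12          # 12 decimal digits is about 40 bits of entropy
PULSE, DIGIT_GAP, REPEAT_GAP = 0.25, 1.5, 5.0   # seconds


def generate_password(digits=DIGITS):
    """Uniform random decimal string from the OS CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def blink_schedule(password):
    """(led_state, seconds) steps: digit d is d pulses, 0 is shown as 10."""
    steps = []
    for ch in password:
        if ch not in "0123456789":
            raise ValueError("only decimal digits can be displayed")
        for _ in range(int(ch) or 10):
            steps += [(1, PULSE), (0, PULSE)]
        steps[-1] = (0, DIGIT_GAP)      # longer dark gap ends the digit
    if steps:
        steps[-1] = (0, REPEAT_GAP)     # longest gap marks the restart
    return steps


def set_root_password(password):
    """Apply via chpasswd on stdin so the secret never appears in argv."""
    subprocess.run(["chpasswd"], input=f"root:{password}\n", text=True, check=True)


def play(steps, path=LED_BRIGHTNESS, repeats=3):
    """Write 1/0 to the LED brightness file following the schedule."""
    for _ in range(repeats):
        for state, seconds in steps:
            with open(path, "w") as led:
                led.write(str(state))
            time.sleep(seconds)


if __name__ == "__main__":
    pw = generate_password()
    set_root_password(pw)       # needs root; run once from a first-boot unit
    play(blink_schedule(pw))
```

Anyone with line of sight to the LED while the pattern repeats can read the password, which matches the post's physical-access model.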