People who deploy professionally / on scale / create customs images for other things are tech savvy enough and know how to disable SSH - no need to have it disabled by default.
I think you’ve solved your own problem. The people that are savvy enough to do it know how to enable it and it’s not a real impact to them. But by disabling it, the people that don’t are protected. Which is why this is a standard practice across Linux distros.
None of this forces you to use their imager though… It’s barely a hoop, most people running multiple pi’s as servers will have done this for a reason other than ssh anyway.
And yes one solution to this security problem is to require changing the username and password, the more effective solution is to not have the process running at all, unless specifically enabled. I’m sure that sentence sounds familiar from your company’s security team.
Raspberry pi’s serve a lot of purposes, many of those purposes don’t need ssh. But if you enable it by default that opens the pi up to being a target, which we saw be a huge problem before this change.
Also, this is not the only distribution that has ssh disabled by default. It’s just the only popular distribution I’m aware of that doesn’t have a server image option 🤷♂️ it’s actually standard security procedure.
For example, if you install Ubuntu desktop, it’ll have ssh disabled, because it is standard. Pretty much any distro should do this as well as long as it’s not their “server” ISO.
In any case it’s a good practice to backup your images regardless of what hardware you’re running on, especially if you’re running a cluster, it allows for easy reproduction across the cluster.
I’ve already spoken about the “telemetry” but here’s your ssh login. Literally all the installer is doing is adding a blank file.
Then if you don’t want to do that every time, just create an image for it. That’s your new image to flash onto the SD cards.
There’s nothing stopping you from not using the imager. dd works just fine. There’s no telemetry on the OS itself, so here’s how you personally get what you’re looking for.
Also WRT telemetry: https://forums.raspberrypi.com/viewtopic.php?t=341514
The only telemetry is pertaining to what the imager is burning to the card. So if you don’t use the imager there’s no telemetry, if you use the imager but disable telemetry, there’s no telemetry, if you don’t disable it, it just sends back what you’re installing.
Point of order on the raspberry pi:
Here’s your Debian https://raspi.debian.net/tested-images/
This is self hosting… You’re telling me you or one of your friends don’t have a printer to print a case for less than a dollar? Shit, pay for shipping and I’ll send you a case.
PC for 1/10 of the performance and reliability.
That’s not my experience at all. I mean the other user already posted a PC you can buy for the same price as a pi. It’s about as good as a 4, the 5 is 3x that speed.
See the problem now?
or some janky USB setup
TIL nvme is a janky USB setup
https://www.jeffgeerling.com/blog/2023/nvme-ssd-boot-raspberry-pi-5
But if you actually check the numbers, that has pretty similar specs to the Pi4 but supports virtualization and has more ram. And the wyse runs on a real hard drive instead of an SD card or some janky USB setup.
But also general reply to that. Similar specs to the pi4, sure, but what about the 5 that is 3x as fast? It also has the same amount of RAM that the small 5 does. And by the way the link you posted, it runs off of an emmc drive… As in it’s effectively an SD card… Just, embedded. (Hence the “e”)
The raspberry pi, like all RISC chips, uses much less power.
In fact the super computer summit runs on powerpc64 which is a RISC chip, that’s a big reason why its power consumption for a super computer is so low.
Yeah, a second hand old as shit hp, that’ll die on you so quick. There’s a reason that hp is selling for so cheap. HP is garbage, unless you’re buying their actual servers…
Edit: also all the “cash grab” parts… you probably already have those parts just lying around doing nothing.
Oh, so like… A worthless fucking machine… Sure. You use that. Let me know how many minutes that lasts, on your fucking Celeron lmao
And in any case, that’s a used vs new … Like… bruh, their new ones start at 700… I can buy 14 pis for that…
I gave you an example of a $50 x86 PC
No you didn’t. You gave an example of a >= 200 x86 PC… So, like… That’s why I even suggested clustering. To match the cost of your claim.
Please learn to read. Again. I thought I wasn’t on Reddit anymore.
$50 for a pi. Not for clustering. For one. That’s it.
An X86 PC is gonna cost you hundreds. That’s how I can cluster rpi, for the same cost. I hope you now know how to do basic math.
You’ve got it backwards. A small x86 is a hundreds, and a rpi is 50… Like come on… Cost for performance isn’t even a question…
Y’all… I thought you’d be better at tech than Reddit… this is sad
Pass, I’ll take the cluster of raspberry pis for the same cost… For the purpose of self hosting my cluster is going to out perform your x86. Like why are you going to spend hundreds of dollars for an x86 that will do fine when you can spend $50 for a pi that will also do fine?
Then you can just cluster those pis and get redundancy
Just use raspberry pis and Linux. You’ll have better support.
All you have to do is look at the present… Android phones don’t have super long software support. Best you’re looking at is maybe 5 years. So, the user saying 10 years is well past that mark.
Bet. Give me puppies as a service.