Symptom
SSH is enabled and listening immediately on boot with password authentication. Any device on the network can attempt to connect.
Root Cause
01-setup-system.chroot explicitly enables SSH (systemctl enable ssh) and sets a default password for neuraldrive-admin. This was done for development/debugging convenience but is not appropriate for production.
Expected Behavior
SSH should be disabled by default. The first-boot TUI wizard should offer to enable SSH and set credentials as part of the setup flow. Until the user explicitly opts in, the system should not be remotely accessible.
Suggested Fix
- Change
systemctl enable ssh back to systemctl disable ssh in 01-setup-system.chroot
- Add SSH enablement to the TUI first-boot wizard (e.g., a step that asks "Enable SSH?" and sets password/keys)
- Consider requiring key-based auth by default when SSH is enabled, with password auth as an explicit opt-in
Symptom
SSH is enabled and listening immediately on boot with password authentication. Any device on the network can attempt to connect.
Root Cause
01-setup-system.chrootexplicitly enables SSH (systemctl enable ssh) and sets a default password forneuraldrive-admin. This was done for development/debugging convenience but is not appropriate for production.Expected Behavior
SSH should be disabled by default. The first-boot TUI wizard should offer to enable SSH and set credentials as part of the setup flow. Until the user explicitly opts in, the system should not be remotely accessible.
Suggested Fix
systemctl enable sshback tosystemctl disable sshin01-setup-system.chroot