# [arch-releng] [RFC] Enable headless installation

Gerardo Exequiel Pozzi vmlinuz386 at yahoo.com.ar
Fri Oct 26 10:11:32 EDT 2012

On 10/26/2012 06:51 AM, Pierre Schmitz wrote:
> Am 26.10.2012 04:32, schrieb Gerardo Exequiel Pozzi:
>> Implements FS#32064
>>
>> Feedback is really welcomed :)
> I think we should not implement this feature request. For headless
> installations you should use a serial console or an equivalent setup.
> Starting up sshd and hoping for the best is too fragile to actually
> really support this scenario.
>
> But the biggest concern is security here. We open up a password-less
> root access here without telling the user or giving him any control over
> it. This might not be a big deal on your local lan, but it is a big
> issue if you are on e.g. an university network, a conference or even
> worse: you want to setup a new server which is directly connected to the
> net. Knowing that bots are constantly scanning for open or weak ssh
> servers this risk is not that esoteric.
>
> To sum things up: Our iso should try to be least intrusive as possible.
> Do not alter any settings on the host system and do not listen on any
> port.
>
> Greetings,
>
> Pierre
>