If the OSMC device will not boot, then this still wouldn’t help. How could it detect a device that isn’t running?
Sorry, I skim a lot of posts due to volume.
Port 22 should be the only SSH accepting port. A portscan shouldn’t show much at all…
Sam
I see you aim higher, but this will open another port on OSMC, and you’ll have another program to secure. You already have more ideas than manpower. Just make sure you don’t do Ubuntu 
. I understand that you think to features first and security second. I just remembering you (by pushing thoughts into your mind) about the stuff I care about.
You are right. It will be useless if the device doesn’t boot. This is why you must make sure it boots. For network devices (without keyboard), if not for all devices, always boot should be a must.
For example, you could use a read-only (factory) kernel+initrd that boots the updatable kernel+packages. Some have replaced u-boot with Linux. It didn’t had a happy end, but still.
Sorry. I’ve missed the : character.[quote=“jim, post:19, topic:20766”]
Vero2 has a lot of open ports for: ssh (…), kodi (…), ntpd and avahi-daemon.
[/quote]
Kodi uses 4 ports: 8080, 1617, 1900, 2670. And I think I can make it listen on more, because I remember disabling DLNA-something. I don’t whine about this, I just point out that you have a lot of ports to auto-detect OSMC network devices with something like:
wget X:8080 -O- | grep '<title class=OSMC>Kodi'
We can have a recoverable kernel + initrd in /dev/recovery. If the kernel is not bootable or the user presses the recovery switch, we load our special imaging system with an open port. As it requires close proximity to the device, the potential for security risk is low. There would be a smal confirmation code to proceed with imaging.
This is actually quite quickly achievable. I am sure you have seen the installer is a kernel + ramdisk approach. We can use this for other projects.
I have no intention of the Canonical approach. I am still waiting on Mir…