Security : missing firewall, annouced OSMC device


Why there is no firewall installed ? (I know why : for no problems with end user, but it’s a security hole, particulary with activated IPv6)

Why do you annouce “OSMC” before login in with SSH ?
I think it gives a good indication of the OS for the attacker, and because end user was never prompt to change the default password, I think it’s a big security issue…


We did it with Raspbmc and this caused a lot of problems. If you want to put OSMC in front of a front-facing network you can easily install iptables and secure it.

Again, OSMC is intended for the use in a private network, but you can easily edit /etc/ssh/sshd_config and change when the MOTD is displayed