Correct, when SSH is enabled via a long press of the LCD push button, the user is presented with the default password and prompted to change it. It’s presumed that since the user chose to enable SSH they would change the default password as prompted to their own secure password. If a user did wish to disable SSH it’s just a matter of running:
sudo update-rc.d ssh disable
sudo invoke-rc.d ssh stop
Leaving SSH enabled is not insecure as long as it’s got a strong unique password. It would be possible to extend the functionality of my push-and-hold feature to toggle SSH on/off if there was demand for this.
The goal for this feature was to move away from having SSH enabled with a default password. Only a small % of emonPi users will ever use SSH, in fact, most don’t know what SSH is! Those who choose to enable it will understand the importance of security with a unique strong password.
The issue with only accepting local network connections is that the emonPi is often connected to large educational and business networks. It’s certainly a security risk for any local user on these networks to be able to connect into the emonPi, as they would then be able to connect to the rest of the network. This is obviously very insecure and not something most users would want. The default setting for all home routers is to have the SSH port closed to the outside world.
Yes, enabling SSL for emonPis exposed on the internet would be really good. The issue is that the majority of users don’t expose their emonPi to the web directly, only accessing over a local network. SSL will not work on local machines without self-signed certs, which will cause browsers to display worrying error messages.
Enabling SSL for all users by default is tricky. It would be best I think to put together a guide + script to help a user enable SSL if they did wish to open up their emonPi to the web.
DietPi is really nice, their current implementation of Emonhub posting to a remote Emoncms.org server works well. I discussed this with although I think running a full version of Emoncms with local logging is not compatible with how DietPi works. I discussed this a while back with the creator of DietPi.
The issue is that the SD card is not easily user accessible on the emonPi. For emonBase users it’s possible to enable SSH by putting a file called ‘ssh’ in the ‘/boot’ partition. It would not be a bad idea to add a method for an emonBase user to configure WiFi via a txt file, although the current WiFi AP mode network setup wizard works well and is more convenient IMO.