We did consider this but I think shorting pins jumper is more risky and has the potentially to go very badly wrong if a user accidentally shots the wrong pins. Also accessing the GPIO pins can require fully disassembling the unit. Removing the SD card to creating a
/boot/ssh file is easier and much safer IMO.
I was keen to avoid the increased attack vector of allowing SSH to be enabled via the web. This is not to say that it’s not impossible to implement in a secure method.
Interesting idea, however it’s well publicised that within seconds of being connected to a network with an open port onto the web a machine receives botnet attempted logins. For the sake of the minimal effort required to push the button for 5s or create a file on the SD card I think it’s worthwhile for the added security of having SSH disabled right from the beginning. Especially since I already mentioned the vast majority of users will never need or want to use SSH.
This is a good idea.
Just to clarify, emonSD / emonBase does not require SSH access to use Emoncms. Even on first boot the user can log in directly to Emoncms via web browser and create a user account. All configuration of emonhub, WiFi etc can be done via a web browser. If no Ethernet connection is available the unit will start a Wifi AP to allow the WiFi to be configured, see the user setup guide: