Indeed. Windows has come a long way too. I'm not the biggest fan of Windows (strictly personal preference) but I used to love Windows 2000. It was clean, simple yet had a lot of power behind it. Yet Microsoft left telnet turned on by default (and this was back before most homes had routers and thus hardware firewalls).
It was an amazingly short-sighted move, but such things were typical back then. And it's only from learning the hard way that we've managed to get to the stage we're at now.
However I think it's often forgotten that servers need a different set of security profiles depending on the server's role and where it sits. For example, a webserver sitting behind a hardware load balancer wouldn't necessarily need much SSH protection, as the webfarm HTTP traffic should be on a different VLAN from the internal systems administration traffic (which in turn would be yet another VLAN, separate from the company's staff VLAN). So it would be almost impossible to get access to an OpenSSH login, let alone attack it. Whereas most consumer VPS solutions put all their customer servers in the DMZ, which means it's up to the customer to provide software protections to harden against access that would normally be prevented by a complex hardware solution in more professional / clustered setups.
And this is why you can't fully trust default configs; there simply is no "one size fits all" solution so package maintainers instead opt for the best compromises.
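An added example illustrating the "don't trust the defaults on a VPS in the DMZ" point above (this is not code from the commenter or the thread). It parses an sshd_config the way sshd does (first occurrence of a directive wins, Match blocks are conditional and skipped) and flags settings that are tolerable behind a management VLAN but not on a host whose port 22 faces the whole internet. The two config texts are constructed samples, and the fallback default values are an assumption based on sshd_config(5) for OpenSSH 7.x and later.

```python
"""Audit an sshd_config for defaults unsuited to an internet-facing VPS.

Added example; not the original commenter's code. Sample configs are constructed.
"""
import re

# Assumed stock defaults (sshd_config(5), OpenSSH 7.x+); used when the file is silent.
ASSUMED_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "maxauthtries": "6",
}

# Constructed: roughly what a fresh VPS image ships, with the defaults left commented out.
WEAK_CONFIG = """
Port 22
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
X11Forwarding no
"""

# Constructed: the same file after hardening for a DMZ host; the Match block re-enables
# passwords only for a private range and must not affect the global audit.
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
AllowGroups sshusers
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""


def parse_sshd_config(text):
    """Return {directive_lowercase: value}. Mirrors sshd: the FIRST occurrence of a
    directive wins, and parsing stops at the first Match block (conditional values)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"(\w+)[\s=]+(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        conf.setdefault(key, value)  # setdefault keeps the first value seen
    # ChallengeResponseAuthentication is the pre-8.7 name of KbdInteractiveAuthentication.
    if "kbdinteractiveauthentication" not in conf and "challengeresponseauthentication" in conf:
        conf["kbdinteractiveauthentication"] = conf["challengeresponseauthentication"]
    return conf


def audit_sshd(conf):
    """Return [(directive, effective_value, reason)] for settings that should not stay at
    their defaults when sshd is reachable from the internet rather than a management VLAN."""
    def eff(key):
        return conf.get(key, ASSUMED_DEFAULTS.get(key, "")).lower()

    findings = []
    if eff("permitrootlogin") != "no":
        findings.append(("PermitRootLogin", eff("permitrootlogin"),
                         "root is a guaranteed-valid username; brute force targets it first"))
    if eff("passwordauthentication") != "no":
        findings.append(("PasswordAuthentication", eff("passwordauthentication"),
                         "passwords are guessable online; require keys"))
    if eff("kbdinteractiveauthentication") != "no":
        findings.append(("KbdInteractiveAuthentication", eff("kbdinteractiveauthentication"),
                         "PAM keyboard-interactive prompts still take passwords when PasswordAuthentication is off"))
    if eff("pubkeyauthentication") == "no":
        findings.append(("PubkeyAuthentication", "no", "key-based login is disabled"))
    try:
        tries = int(eff("maxauthtries"))
    except ValueError:
        tries = None
    if tries is None or tries > 3:
        findings.append(("MaxAuthTries", eff("maxauthtries"),
                         "each connection allows many guesses; cap at 3 or fewer"))
    if "allowusers" not in conf and "allowgroups" not in conf:
        findings.append(("AllowUsers/AllowGroups", "(unset)",
                         "every local account is a valid login target"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for directive, value, reason in audit_sshd(parse_sshd_config(text)) or []:
            print(f"  {directive} = {value}: {reason}")
```

Run against a real file with `audit_sshd(parse_sshd_config(open("/etc/ssh/sshd_config").read()))`; on a host behind the admin VLAN the same findings may be acceptable, which is the commenter's point about there being no one-size-fits-all profile.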