What Is Normally Disabled by Default on Most Linux Servers?

When you provision a fresh Linux server — be it a VPS, a bare-metal dedicated server, or a cloud-hosted virtual machine — you will notice that the system boots into a deliberately minimalist and hardened environment. This is not an oversight but an intentional design choice. Modern Linux distributions strip away unnecessary services and functionality to minimize the attack surface, conserve system resources, and give administrators fine-grained control over what is enabled. Below we’ll dissect the most common features and services that are disabled (or simply absent) by default, and why this matters for both security and operational efficiency.

Root SSH Login

Direct root login via SSH is almost universally disabled in contemporary Linux server builds. Allowing remote root access is a glaring vulnerability: a single compromised password equates to total system ownership.

Instead, administrators are expected to log in with a non-privileged user and escalate privileges via sudo or su.

Verification:

You should see:

Password Authentication in SSH

On many cloud-provisioned servers, password authentication is also disabled, leaving SSH keys as the only authentication mechanism. Keys are resistant to brute-force attacks and significantly raise the bar for unauthorized access attempts.

Traditional ISO installations may still permit password logins, but the best practice is to disable them immediately.

Verification:

Deprecated Network Protocols

Legacy services such as Telnet, FTP, Rlogin, and Rsh are absent from modern server builds. These protocols transmit credentials and data in cleartext, making them trivial to intercept.

They have been superseded by:

• SSH for remote shell access

• SFTP/FTPS for secure file transfers

Check for active services:

If ports like 21 (FTP) or 23 (Telnet) do not appear, those services are not running.

Graphical User Interfaces (GUI)

Unlike desktop distributions, server editions do not ship with GNOME, KDE, or other graphical environments. A GUI consumes memory and CPU cycles while introducing additional software dependencies that can widen the security footprint.

The expectation is clear: servers are to be managed via the CLI over SSH.

Development Toolchains

Compilers such as gcc and build utilities like make are intentionally absent in most minimal server images. The rationale is twofold:

1. To reduce the base image size.

2. To prevent an attacker, should they gain access, from compiling malicious binaries on the fly.

Check if GCC is present:

If the command returns not found, the toolchain is not installed.

Install manually if required:

ICMP (Ping)

Most Linux servers respond to ICMP echo requests by default, though some hosting providers disable it at the firewall level. Suppressing ICMP replies makes a server less visible to network scans, but it also interferes with monitoring and diagnostics.

Test:

IPv6

IPv6 is enabled by default in modern distributions such as Ubuntu, Debian, and RHEL derivatives. However, many hosting providers disable it at the network level if they do not offer IPv6 connectivity.

Check for IPv6 addresses:

Conclusion

Out-of-the-box Linux servers are intentionally provisioned in a secure, stripped-down state. Root SSH login is disabled, password authentication is often restricted, and legacy protocols are omitted entirely. No graphical environment is provided, and compilers are excluded from base builds.

By contrast, services such as ICMP and IPv6 remain enabled by default, but may be restricted depending on the provider’s security posture.

This philosophy of “secure by default, extensible by choice” ensures that administrators retain full agency: the server exposes only what is explicitly required for its intended role. It’s a model that maximizes both operational security and performance efficiency.