Looking at the /etc/shadow in our official AMI ami-6e3a6a2b, I observed that root and ec2-user have passwords. Why are they left in? I suppose they do not hurt much, since sshd_config sets PasswordAuthentication and PermitRootLogin to no. Still, I'm just curious what they are. Even better, let's think in reverse: if the creator accidentially used a real root password, can I crack any interesting servers by cracking the root password and then applying it to bits of Fedora infrastructure (I know it's not 3-DES anymore, but still)? -- Pete _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud
