One other idea: We simply do this by default for all cloud images, without a timeout - if no cloud-init metadata is provided, you can log in to the hypervisor console and see an autogenerated root password. I'd say we should also ensure that *remote* ssh access is disabled in this scenario - if you want to log in over ssh, you'd need to change the password and enable remote ssh password auth (cloud-init disables it by default). It'd be a notable policy change, but in practice I think quite secure - if you have access to the hypervisor console you tend to have total control over a system anyways. And we're only talking about cloud images, not bare metal. _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/cloud@xxxxxxxxxxxxxxxxxxxxxxx