Re: Fedora 23 Cloud Atomic Developer Mode Preview

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



One other idea:

We simply do this by default for all cloud images, without a timeout - if no cloud-init metadata is provided, you can log in to the hypervisor console and see an autogenerated root password.

I'd say we should also ensure that *remote* ssh access is disabled in this scenario - if you want to log in over ssh, you'd need to change the password and enable remote ssh password auth (cloud-init disables it by default).

It'd be a notable policy change, but in practice I think quite secure - if you have access to the hypervisor console you tend to have total control over a system anyways.  And we're only talking about cloud images, not bare metal.
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/cloud@xxxxxxxxxxxxxxxxxxxxxxx



[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux