Re: [libvirt-jenkins-ci PATCH 4/5] playbooks: gitlab: Force a random password for the root account

On Thu, 2020-03-26 at 14:33 +0100, Erik Skultety wrote:
> Unlike with the 'test' flavour, where the 'test' user has sudo
> permissions on the system, with machines set up with the 'gitlab'
> flavour, which are intended to contact the outside world, we don't
> want that. More importantly though, we must not use the default root
> password which is set by the install script on such machines.
> Therefore, set the root password to a random one as part of the gitlab
> flavour task, thus only allowing SSH pubkey authentication for the root
> account.

I'm confused by this.

If we want the root account to only be accessible via SSH with a
pubkey, then we can configure sshd accordingly: setting a random
password which is not stored anywhere prevents access not only via
SSH, but also via local access (e.g. serial console), which I don't
think is desirable.

Moreover, the root password that is set in the first place is taken
from a mandatory user-provided configuration file, and I'm not sure
we should be condescending towards users by basically saying "we know
you didn't choose a secure password, so we're going to generate a new
one ourselves".

What am I missing?

-- 
Andrea Bolognani / Red Hat / Virtualization
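
The sshd-side approach raised in the reply above, as an added example that is not part of the original message or of libvirt-jenkins-ci: a check of the global section of an sshd_config for whether root can still authenticate over SSH with a password. It assumes upstream OpenSSH 7.0+ defaults; the function names and sample configs are constructed for illustration.

```python
# Added example, not code from libvirt-jenkins-ci. Sample configs are constructed.
import re

# Compiled-in defaults from sshd_config(5), OpenSSH 7.0 and later (assumed version).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
KEY_ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
VALUE_ALIASES = {"without-password": "prohibit-password"}  # deprecated spelling


def effective_global(config_text):
    """Return (settings, saw_match) for the global section of an sshd_config.

    sshd keeps the first value it obtains for each keyword, so later
    duplicates are ignored. Parsing stops at the first Match block and
    Include directives are not followed (limits of this example).
    """
    settings, saw_match = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            saw_match = True
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        key = KEY_ALIASES.get(key, key)
        settings.setdefault(key, VALUE_ALIASES.get(value, value))  # first wins
    return {**DEFAULTS, **settings}, saw_match


def root_password_login_allowed(config_text):
    """Conservative check: can root authenticate over SSH with a password?"""
    eff, _ = effective_global(config_text)
    interactive = ("passwordauthentication", "kbdinteractiveauthentication")
    return eff["permitrootlogin"] == "yes" and any(eff[k] == "yes" for k in interactive)


# Constructed samples: password login for root open, then key-only root.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
KEY_ONLY = "# first value wins\nPermitRootLogin prohibit-password\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("KEY_ONLY", KEY_ONLY)):
        print(name, "root password login allowed:", root_password_login_allowed(text))
```

The check only covers SSH: the root password in the shadow database, and therefore console login, is left untouched by `PermitRootLogin prohibit-password`.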



