On Wed, Jul 16, 2014 at 1:03 AM, Jimmy Kaplowitz jkaplowitz@google.com wrote:
Hi Nico,
Regarding your specific concerns about root's passwd data, we don't change that. I forget whether we change CentOS's root SSH login setting; we do change a few other things like disabling password SSH auth and putting in some connection keepalive settings, but it's quite close to stock config. We try to keep our deviations justifiable, and if you think any are not, we'd like to hear about them. :) As one example justification, the SSH connection keepalive is because TCP connections that remain idle too many minutes will get dropped by the GCE firewall.
- Jimmy
We aren't changing root's passwd data.
Good. It sounds like you are doing a thoughtful, cautious job and weighing the consequences before changing defaults.