On 15 Jul 2014, at 12:11, Karanbir Singh <mail-lists at karan.org> wrote: > On 07/14/2014 05:14 PM, Jimmy Kaplowitz wrote: >> As further data points, Debian on AWS EC2 uses the 'admin' username, and >> all Google-supported images on Google Compute Engine (including CentOS) >> don't have a default account at all, but rather use integrated SSH key >> management via our metadata server and an open source daemon we install >> into the guest. > > I really like this setup, its possible to implement with cloud-init and > some user-metadata injection at instantiation time, but no where as > simple as it is with the gce tools. > > For now, I'm going with 'centos'@ logins, lets see if we can work > through that a bit. Essentially that should be the setup. Cloudinit should create the default user on startup, not the build process that creates the image. The only user in the image ought to be root. It is the default config on cloud-init that creates a user and checks to make sure root is locked in the absence of any configuration userdata to the contrary. Certainly that’s how the Fedora and Ubuntu images work.