On Wed, Jul 16, 2014 at 1:03 AM, Jimmy Kaplowitz <jkaplowitz at google.com> wrote: > Hi Nico, > Regarding your specific concerns about root's passwd data, we don't change > that. I forget whether we change CentOS's root SSH login setting; we do > change a few other things like disabling password SSH auth and putting in > some connection keepalive settings, but it's quite close to stock config. We > try to keep our deviations justifiable, and if you think any are not, we'd > like to hear about them. :) As one example justification, the SSH connection > keepalive is because TCP connections that remain idle too many minutes will > get dropped by the GCE firewall. > > - Jimmy > > We aren't changing root's passwd data. Good. It sounds like you are doing a thoughtful, cautious job and weighing the consequences before changing defaults.