Hi there, I would appreciate some feedback on a few ideas for our Vagrant images. Our CentOS images for Vagrant are currently not setup according to the upstream recommendations for base boxes, and I'd like to change that. [1] Here's the list of necessary modifications: I. root password should be 'vagrant': already filed by Lalatendu Mohanty as issue #30 on GitHub [2]. I should mention that Karanbir Singh has some reservations related to security. However, the box already has passwordless sudo, and changing the root password is just a "sudo passwd" away (I tried, it warns about a bad password, but it accepts it). Although public key auth is enabled, password-based authentication isn't disabled, and sshd will happily let anyone log in to any public box as vagrant:vagrant. We should probably only allow local password logins (on the console), for both root and vagrant; not sure if the best way to enforce this is sshd_config or PAM. II. use /vagrant as the sync directory: we currently use /home/vagrant/sync, this change is already planned for the release following 1606 III. "UseDNS no" in sshd_config: this would make connections via ssh faster Additional ideas for optimization: IV. disable requiretty in /etc/sudoers: this allows users to enable the pipelining feature of the Ansible provisioner, which significantly increases its speed (it's about 2 times faster in my tests). [3] V. set GRUB_TIMEOUT to 1 or 0: this reduces or eliminates the waiting time before the default kernel is booted (the VM runs generally without a display, so it makes no sense to wait there) Best regards, Laurențiu [1] https://www.vagrantup.com/docs/boxes/base.html [2] https://github.com/CentOS/sig-cloud-instance-build/issues/30 [3] https://docs.ansible.com/ansible/intro_configuration.html#pipelining