[CentOS-devel] password ssh-ing in Centos/7 Vagrant box
Laurentiu Pancescu
lpancescu at gmail.com
Mon Oct 10 13:51:38 UTC 2016
On 10/10/16 14:08, Michael Vermaes wrote:
> On Sat, Oct 8, 2016 at 4:22 PM, Laurentiu Pancescu <lpancescu at gmail.com> wrote:
> Do you mind letting us know how the configuration would be fixed to
> address this? For what it's worth, in my opinion it would be more
> surprising for this behaviour to change. I think a Vagrant box is
> assumed to be a 'disposable', single user environment as you
> mentioned. Things like the well known insecure passwords and ssh key
> contribute to a standard Vagrant experience across boxes from
> different distributions.
The images would still follow the upstream recommendations, I have no
intention of changing the default SSH key or password. In my local
implementation:
- vagrant and root can use su and sudo without limitations (no change)
- other users can't use sudo... (no change)
- ...but can still su to any accounts except root or vagrant
This matches the sudo configuration pretty closely. An alternative
would be to add vagrant to the wheel group, and allow anyone in the
wheel group to use su (with password) or sudo (without password). You
could add your own users to the wheel group if you wanted to, but it
would be a conscientious decision to give someone admin privileges,
rather than the default when calling useradd. If you didn't create
additional users, you wouldn't be affected in either scenario.
The intention is just to prevent beginners from shooting themselves in
the foot when sharing a box with a public IP. I'm open to arguments for
either solution, as well as other alternatives.
Laurențiu
More information about the CentOS-devel
mailing list