Thanks! BTW. I just noticed that every user on vms created with Vagrant is in fact admin... one can always ``` su - vagrant ``` On 6 October 2016 at 20:30, Laurențiu Păncescu <lpancescu at gmail.com> wrote: > Hi Rafal, > > On Thu, Oct 6, 2016 at 5:57 PM, Rafal Skolasinski < > r.j.skolasinski at gmail.com> wrote: > >> Thanks for detailed information! I am using playbooks to create vms on a >> remote host and then I want to run another playbook to configure them. >> > > For me, the most amazing feature of Vagrant was to be able to use just one > Vagrantfile to control both local development VMs, to production servers, > and to change from one to the other with just one command. There are > Vagrant plugins for pretty much every provider with an API: big "cloud" > providers like AWS, Google Cloud or Azure, VPS hosters like Digital Ocean, > Vultr or Linode, and also other cloud solutions like OpenShift, OpenStack > and CloudStack. You can also use the libvirt plugin with both local and > remote servers, it comes with plugins for most virtualization providers and > Docker, and there's even a plugin for dedicated servers (when there's no > API for controlling their creation and destruction). Being able to do: > > vagrant up --provider virtualbox > vagrant up --provider aws > vagrant up --provider digitalocean > > and move seamlessly between providers, provisioning everything with > Ansible, is just priceless. I wouldn't go back to plain Ansible and writing > dynamic inventory scripts. > > >> I want to enable password authentication only for a moment of initial >> configuration and then disable it again - I believe this should[n't] cause >> any security risk. >> > > The risk is small, but not zero. If someone's script hits your server in a > critical moment, your server becomes his. This is not just theoretical: > during Blaster (a Windows worm), a former colleague had installed Windows > 2000 more than 12 times, and went directly to download the hotfix from > Microsoft, which took less than a minute - and got infected every single > time. And I've heard people complaining about getting hacked in the first 5 > minutes after imaging a new Linux VPS, before they had the time to disable > password logins (they had chosen their own passwords - apparently not that > unique). But that's for you to decide - good luck! :) > > Best regards, > Laurențiu > > _______________________________________________ > CentOS-devel mailing list > CentOS-devel at centos.org > https://lists.centos.org/mailman/listinfo/centos-devel > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20161007/bae9a2e5/attachment-0008.html>