[CentOS-devel] password ssh-ing in Centos/7 Vagrant box

Fri Oct 7 11:00:37 UTC 2016
Rafal Skolasinski <r.j.skolasinski at gmail.com>

Thanks!

BTW, I just noticed that every user on VMs created with Vagrant is in fact
admin... one can always
```
su - vagrant
```

On 6 October 2016 at 20:30, Laurențiu Păncescu <lpancescu at gmail.com> wrote:

> Hi Rafal,
>
> On Thu, Oct 6, 2016 at 5:57 PM, Rafal Skolasinski <
> r.j.skolasinski at gmail.com> wrote:
>
>> Thanks for the detailed information! I am using playbooks to create VMs on a
>> remote host and then I want to run another playbook to configure them.
>>
>
> For me, the most amazing feature of Vagrant was to be able to use just one
> Vagrantfile to control both local development VMs and production servers,
> and to change from one to the other with just one command. There are
> Vagrant plugins for pretty much every provider with an API: big "cloud"
> providers like AWS, Google Cloud or Azure, VPS hosters like Digital Ocean,
> Vultr or Linode, and also other cloud solutions like OpenShift, OpenStack
> and CloudStack. You can also use the libvirt plugin with both local and
> remote servers, it comes with plugins for most virtualization providers and
> Docker, and there's even a plugin for dedicated servers (when there's no
> API for controlling their creation and destruction). Being able to do:
>
> vagrant up --provider virtualbox
> vagrant up --provider aws
> vagrant up --provider digitalocean
>
> and move seamlessly between providers, provisioning everything with
> Ansible, is just priceless. I wouldn't go back to plain Ansible and writing
> dynamic inventory scripts.
>
>
>> I want to enable password authentication only for a moment of initial
>> configuration and then disable it again - I believe this should[n't] cause
>> any security risk.
>>
>
> The risk is small, but not zero. If someone's script hits your server in a
> critical moment, your server becomes his.  This is not just theoretical:
> during Blaster (a Windows worm), a former colleague had installed Windows
> 2000 more than 12 times, and went directly to download the hotfix from
> Microsoft, which took less than a minute - and got infected every single
> time. And I've heard people complaining about getting hacked in the first 5
> minutes after imaging a new Linux VPS, before they had the time to disable
> password logins (they had chosen their own passwords - apparently not that
> unique). But that's for you to decide - good luck! :)
>
> Best regards,
> Laurențiu
>
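The plan discussed in this thread is only safe if password logins are really off again once initial configuration finishes. The following check is an added example, not part of the original messages: it reads an sshd_config text and reports the effective global `PasswordAuthentication` value plus any `Match` block that turns it back on. The function name and both sample configs are constructed for illustration; it relies on the sshd_config(5) rules that the first value for a keyword wins, that the default is `yes`, and that a `Match` block overrides the global section, and it does not look at other authentication keywords.

```python
import re

# keyword, then whitespace or a single "=", then the arguments
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")

def audit_password_auth(config_text):
    """Return (global_value, criteria of Match blocks that allow passwords)."""
    global_value = None     # first PasswordAuthentication outside Match blocks
    match_criteria = None   # criteria of the Match block being read, if any
    match_decided = False   # first value inside the current block already seen
    reenabled = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = LINE.fullmatch(line)
        if not m or line.startswith("#"):
            continue        # blank, comment-only, or keyword without arguments
        keyword, rest = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            match_criteria, match_decided = rest, False
            continue
        if keyword != "passwordauthentication" or not rest:
            continue
        value = rest.split()[0].strip('"').lower()
        if match_criteria is None:
            if global_value is None:
                global_value = value
        elif not match_decided:
            match_decided = True
            if value == "yes":
                reenabled.append(match_criteria)
    # sshd defaults to "yes" when the keyword is absent or only commented out
    return (global_value or "yes"), reenabled

# Constructed sample: globally off, but one Match block re-enables passwords.
SAMPLE_WITH_MATCH = """
PasswordAuthentication no
PasswordAuthentication yes
Match User vagrant
    PasswordAuthentication yes
Match Address 10.0.2.0/24
    PasswordAuthentication no
"""

# Constructed sample: the "no" line is commented out, so the default applies.
SAMPLE_COMMENTED = "#PasswordAuthentication no\nPermitRootLogin no\n"

if __name__ == "__main__":
    for name in ("SAMPLE_WITH_MATCH", "SAMPLE_COMMENTED"):
        print(name, audit_password_auth(globals()[name]))
```

Running it as the last task of the configuration playbook, against the file the playbook just wrote, turns "disable it again" into something that is verified rather than assumed.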