On Wed, 21 Dec 2016, Michael Felt wrote: > The default behavior in some linux distributions is to disable login to root > regardless of where the user is coming. Having a way to set this, regardless > of the distro default I see as a big plus - HOWEVER, from an AIX viewpoint I > have a question/comment. > > Within AIX (and maybe Linux, freebsd, et al) it is possible to distinguish > between login from a remote location (i.e., via network) or "local" - via > console or physical COM (rs232) port. I expect the cloud-init model is as I > have experienced (limited) Linux. Login is available/permited regardless of > "wherefrom", or it is denied - regardless. > > What I would like to see (read, what I recommend) for root on AIX, is that by > default "remote" login is disabled, but "local" login is permitted. In other > words, login via a virtual console (via HMC or IVM) is permitted, otherwise - > not. > > So, I would add an extra setting: > > disable_root: false|true|remote
Currently, disable_root is only used in the cc_ssh.py, and only actually affects remote logins (and even then, only those via ssh). It does that through .ssh/authorized_keys. > and the default is true for cloud-init (aix distro would change it's value to > remote). So, assuming you have a password configured, thats' what you'd get right now for the limited set of remote logins of 'ssh'. -- Mailing list: https://launchpad.net/~cloud-init Post to : [email protected] Unsubscribe : https://launchpad.net/~cloud-init More help : https://help.launchpad.net/ListHelp
