On Tue, Mar 25, 2014 at 03:08:18PM +0000, Matthew Vernon wrote: > Colin Watson <[email protected]> writes: > > After (how can I put it) extensive and heated discussion over many > > years, I intend to change sshd_config in new installations of > > openssh-server to use "PermitRootLogin without-password" rather than > > "PermitRootLogin yes". > > How are we going to deal with the bootstrapping problem? i.e. how are > we expecting people to populate /root/.ssh/authorized_keys for new > installs?
There are a number of plausible ways to go about that: * go via the first user + sudo/su/etc. * put key in place via d-i preseed/late_command or similar (this is already pretty common practice - I see it a *lot* in installation reports) * put key in place via puppet or similar (rather like the last method but more comprehensive) * temporary console access I'd expect at least one of those approaches to be available in virtually all environments. -- Colin Watson [[email protected]] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
