[ec2-beta] some feedback on the i386 image

Eric Hammond ehammond at thinksome.com
Wed Jan 14 15:42:52 GMT 2009


Soren:

It seems to me that an empty password is similar security-wise to the
proposal of locking the password and allowing passwordless sudo.

A big benefit of the latter is that we can still write automated
software to ssh in and set up the system with sudo commands, even if ssh
to root is completely disabled.


I agree with disabling password-based logins for all solutions.  I have
done this for all of the Ubuntu AMIs I've built on http://alestic.com
and it is a standard recommendation from Amazon.  Submitted LP#317141.

--
Eric Hammond
ehammond at thinksome.com



Soren Hansen wrote:
> What I'd really like to do is to disable password-based logins and use
> an empty password. This allows you to log in, and then gives you the
> same experience as the live cd. The problem being that if a malicious
> user manages to get hold of a shell somehow (web app compromise or
> whatever), they've effectively rooted the box.
> 
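
The two setups compared in this thread can be told apart on a built image from field 2 of /etc/shadow plus sshd's PasswordAuthentication setting. The check below is an added example, not part of the original messages or of any Ubuntu or Amazon tooling; the account names, shadow lines, config excerpt and function names are all constructed for illustration.

```sh
#!/bin/sh
# Added example. All data below is constructed; hashes are placeholders.
SAMPLE_SHADOW='root:!:14258:0:99999:7:::
ubuntu::14258:0:99999:7:::
deploy:!$6$constructedsalt$constructedhash:14258:0:99999:7:::'

SAMPLE_SSHD='# constructed sshd_config excerpt
PermitRootLogin no
PasswordAuthentication no'

# password_state USER SHADOW_TEXT -> empty | locked | set | missing
# Field 2 of a shadow entry: "" is an empty password, a leading "!" or "*"
# means no password can match (what `passwd -l` produces).
password_state() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($2 == "") print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else print "set"
        }
        END { if (!found) print "missing" }'
}

# sshd_option KEYWORD CONFIG_TEXT -> first value given (sshd uses the first
# occurrence of a keyword), lowercased, or "unset". Match blocks are ignored.
sshd_option() {
    printf '%s\n' "$2" | awk -v k="$1" '
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }'
}

# audit_user USER SHADOW_TEXT CONFIG_TEXT -> one summary line
audit_user() {
    state=$(password_state "$1" "$2")
    pw_auth=$(sshd_option PasswordAuthentication "$3")
    # OpenSSH enables password authentication when the keyword is absent.
    if [ "$pw_auth" = unset ]; then pw_auth=yes; fi
    echo "$1: password=$state ssh_password_auth=$pw_auth"
}

for user in root ubuntu deploy; do
    audit_user "$user" "$SAMPLE_SHADOW" "$SAMPLE_SSHD"
done
```

On a real image the same functions can be fed `"$(sudo cat /etc/shadow)"` and `"$(cat /etc/ssh/sshd_config)"` in place of the constructed samples.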