Disable login with password! #98
Comments
|
CirrOS is meant to be a test image to be used in a CI environment or similar, so the fixed login via a password is a feature. We explicitly state that it should not be deployed anywhere where there is public access. Seems for you use case some other distro would be more suited, have you looked at alpine maybe? |
|
@osfrickler Dear Jens, Thanks for the reply but Non of the other distros has the cloud image in size of the CirrOS { small in size } The cirros uses dropbear, it has the option to disable pasword login for remote connections. but it doesnt work! Best regards |
|
Is there anyway that "JUST authorized_keys" be able to login? ( Not any other ways, including passwords login , ...) |
|
@osfrickler We have a similar use case: we use CirrOS for validating OpenStack with Tempest. On some deployments we have to use networks exposed to the Internet. I would be great if the CirrOS project would publish an alternative version of the image with no password built-in. |
|
@priteau |
Hi
I've been using cirros as an Entrypoint to some of openstack's VM (VNFs) using SSH and it is great. Thanks to the dev team!
But there might be some Risky ( hazardous ) situations when login with Password is Enabled ( like bruteforce ).
I've always used keypair for SSH login (
ssh -i A.pem user@IP) and changed the default password, But i'm not sure if there is a way to disable logging in with password for root/user?P.S: I'm using Cloud image
Thanks
Best regards
The text was updated successfully, but these errors were encountered: