On 3/11/2012 1:33 PM, Charles Plessy
wrote:
We defninitely need to follow the above recommendation to be credible to our users. Why not 'debian' as a default account, but perhaps we can chose an unbranded name, to ease the work of derivative projects ? Is there a frequent name in other OS images ? Something like 'administrator' would make clearer that the default account is privileged. I'm happy with either. I suspect that part of the naming of the account being distro-specific is that it adds to the ambiguity of security-by-obscurity! But then we get defeated by the SSH banner: SSH-2.0-OpenSSH_6.0p1 Debian-3 Yes, the ec2debian-build-ami script is disabling password authentication; I've just corresponded with Anders, and he is looking at a plugin for that script to create the named user. I'm also doing some hacking on this, but my time is rapidly disappearing so I don't know who will get there first. This build script is also setting up to execute User Data if it is executable. Its not full cloud-init support (which would be great), but its functional to script upon boot.For the login procedure, I think that it is strongly expected that using key rather than a password will be required. Is ec2debian-build-ami setting up such a procedure ? Otherwise, I think that cloud-init does. I will start a separate thread about cloud-init. James |