Re: Debian images on Amazon Web Services
Le Sat, Nov 03, 2012 at 11:45:15AM +0800, James Bromberger a écrit :
>
> I have an AWS account that I have created for us to present official
> Debian images to AWS. I intend to give access to any DD who wants it to
> create images, and all DDs access read-only so they can poke around. If
> you would like access, please contact me (jeb@debian.org) with a GPG
> signed message.
>
> I've been using the ec2debian-build-ami that Anders Ingemann has put on
> git hub (https://github.com/andsens/ec2debian-build-ami).
>
> Several things to note about the recommended settings for an AMI:
> https://aws.amazon.com/marketplace/help/200897460
>
> In particular:
>
> /Disable the remote root login for sshd (SSH daemon). Require all
> users to SSH in using their standard username. If they need to
> access root privileges, they should use the sudo command. Sudo
> allows you to control which users are allowed to perform root
> functions and logs the activity so that there is an audit trail./
>
>
> Shall we create a 'debian' user with sudo access to root?
Hi James,
thanks a lot for this initiative !
We defninitely need to follow the above recommendation to be credible to our
users.
Why not 'debian' as a default account, but perhaps we can chose an unbranded
name, to ease the work of derivative projects ? Is there a frequent name in
other OS images ? Something like 'administrator' would make clearer that the
default account is privileged.
For the login procedure, I think that it is strongly expected that using key
rather than a password will be required. Is ec2debian-build-ami setting up
such a procedure ? Otherwise, I think that cloud-init does. I will start
a separate thread about cloud-init.
--
Charles Plessy
Tsurumi, Kanagawa, Japan
Reply to: