
Re: Allowing login via (serial) console by default



On 12/8/18 9:47 PM, Bastian Blank wrote:
> Moin
> 
> More and more cloud environments provide easy non-network access to
> virtual machines, either via serial console or graphical console.
> 
> Does anyone know if other distributions make sure you can actually log in
> to any of those consoles on initial boot? I know that cirros (some
> demonstration OS) sets a well-known password for an account.
> 
> Should we do something about that?

If the question is "should we have a generic password", IMO the answer
is obviously no. The goal of the Debian image is really not the same as
the Cirros one, and having a well-known password is a security problem.

As for "non-network" access to virtual machines, well, I wrote it
multiple times on this list. Our images must be able to allow login (i.e.
getty login...) through:
- tty0
- ttyS0

As well, our images must have the below components write to serial:
- grub
- kernel (with *both* earlyprintk= and console= directive set correctly)

As for OpenStack, most of the time, users will use tty0 through VNC or
SPICE to see the login prompt, and ttyS0 to see the boot logs. Though
these days, there's also a serial console terminal.

I hope this helps,
Cheers,

Thomas Goirand (zigo)
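
Added example, not part of the message above or of any Debian tooling: a build-time audit of the requirements listed in the message (console= for both tty0 and ttyS0, earlyprintk=, GRUB output on serial), plus a check that no account ships with a usable password. The function name, the constructed sample inputs, and the choice of the kernel command line, `/etc/default/grub` and `/etc/shadow` as inputs are assumptions.

```python
import re

def audit_image(cmdline, grub_default, shadow):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    args = cmdline.split()
    # console=ttyS0,115200 -> "ttyS0"; both devices must be listed.
    consoles = [a.split("=", 1)[1].split(",")[0]
                for a in args if a.startswith("console=")]
    for dev in ("tty0", "ttyS0"):
        if dev not in consoles:
            findings.append(f"kernel: missing console={dev}")
    if not any(a.startswith("earlyprintk=") for a in args):
        findings.append("kernel: missing earlyprintk=")
    # GRUB writes to serial only when a terminal setting lists "serial".
    # Commented-out lines do not match because of the ^ anchor.
    m = re.search(r'^GRUB_TERMINAL(?:_OUTPUT)?=["\']?([^"\'\n]*)',
                  grub_default, re.M)
    if not m or "serial" not in m.group(1).split():
        findings.append("grub: serial terminal not enabled")
    # A password baked into a public image is known to everyone who has it.
    for line in shadow.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append(f"shadow: {user} has an empty password")
        elif not pw.startswith(("!", "*")):  # "!" and "*" mean locked
            findings.append(f"shadow: {user} has a password hash in the image")
    return findings

# Constructed sample inputs (not taken from a real image).
GOOD = ("root=/dev/vda1 ro console=tty0 console=ttyS0,115200 "
        "earlyprintk=ttyS0,115200",
        'GRUB_TERMINAL="console serial"\n',
        "root:*:17873:0:99999:7:::\ndebian:!:17873:0:99999:7:::\n")
BAD = ("root=/dev/vda1 ro quiet",
       "#GRUB_TERMINAL=console\nGRUB_TIMEOUT=5\n",
       "root:$6$constructed$notarealhash:17873:0:99999:7:::\n")

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, audit_image(*sample))
```
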

