[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Allowing login via (serial) console by default

On Mon, Dec 10, 2018 at 10:17:23AM +0100, Thomas Goirand wrote:
:On 12/9/18 8:15 PM, Bastian Blank wrote:
:> On Sun, Dec 09, 2018 at 05:48:20PM +0100, Thomas Goirand wrote:
:>> If the question is "should we have a generic password", IMO the answer
:>> is obviously no. The goal of the Debian image is really not the same as
:>> the Cirros one, and having a well-known password is a security problem.
:> 
:> No, we don't want a password.  But we can have a null-password set,
:> which can be used from secure terminals, aka tty0 and ttyS0.

Making this easy to enable is good, making it default is bad.

As a private cloud operator it may be useful for me to have privileged
console access to all my users' VMs but it's not a good line to break by
default.

(yes I have "physical access" and could clone the storage etc, etc,
but presumably in larger operations there's a smaller set of people
who can do that than the set of people who can access VM consoles)

-Jon
Reply to: