[Chester LUG] Digitalocean users.. a question
Michael Crilly
michael at mcrilly.me
Thu Jul 30 12:42:58 UTC 2015
Steve,
Consider uses Vagrant for testing and development. It'll run the VM locally
and cost you nothing.
On 30 Jul 2015 10:41 pm, "Steve Lilley" <steve.lilley at beebl.co.uk> wrote:
> I personally feel as safe logging in as root with a key (and 2 factor on
> DO) then I do logging on with a password as a normal user If that user is
> setup to sudo anyway. Then again I only use it for test and dev.
>
>
>
> Steve
>
>
>
>
>
> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On Behalf Of
> *Les Pritchard
> *Sent:* 30 July 2015 13:24
> *To:* chester <chester at mailman.lug.org.uk>
> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>
>
>
> Yes, I'd agree with Mike on that. If you're creating the VPS manually you
> could use a temporary password for root, then create a standard user and
> disable the root.
>
>
>
> If you can, I'd also recommend locking down SSH to specific IPs or at
> least ranges.
>
>
>
> On 30 July 2015 at 13:17, Michael Crilly <michael at mcrilly.me> wrote:
>
> The initial root login is designed to give you an easy way in so you can
> configure the system, locking down root login and removing that key from
> the system (after adding additional users and allowing them to sudo to
> root.)
>
> Think of that initial SSH key as a deployment key - login once with it,
> then use Ansible to setup your system with new users and various other
> state.
>
> Cheers,
>
> Mike.
>
> On 30 Jul 2015 9:50 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
> wrote:
>
> Hi Everyone,
>
>
>
> I am just in the process of moving over some sites to DO and I thought I
> would start using the stored SSH key system you can use when deploying your
> droplets. It works fine, no issues. Just I dont really feel comfortable
> logging in as root directly. Years of non root logins make me feel itchy
> about this.
>
>
>
> What does everyone else think? (I know you can alter and someone trying to
> crack a proper PKI implementation may have a long wait!) I was more
> concerned with it being out the box functionality.
>
> Regards
>
>
>
> Stuart
>
>
>
> _______________________________________________
> Chester mailing list
> Chester at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/chester
>
>
> _______________________________________________
> Chester mailing list
> Chester at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/chester
>
>
>
> _______________________________________________
> Chester mailing list
> Chester at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/chester
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/chester/attachments/20150730/6ecc973e/attachment.html>
More information about the Chester
mailing list