[Chester LUG] Digitalocean users.. a question

Michael Crilly michael at mcrilly.me
Thu Jul 30 12:47:46 UTC 2015


Niche? Virtually industry standard alongside Puppet.

Unworkable? I've got it automatically provisioning entire environments with
HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.

Whatever happened to a tradesman never blaming his tools?

Also, OSS generally accepts pull requests for bugs and improvements - hop
to it ;-)
On 30 Jul 2015 10:45 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
wrote:

> We would Mike if it wasn't so friggin' niche and unworkable for the most
> part ;)
>
>
> On 30 July 2015 at 13:42, Michael Crilly <michael at mcrilly.me> wrote:
>
>> Steve,
>>
>> Consider using Vagrant for testing and development. It'll run the VM
>> locally and cost you nothing.
>> On 30 Jul 2015 10:41 pm, "Steve Lilley" <steve.lilley at beebl.co.uk> wrote:
>>
>>> I personally feel as safe logging in as root with a key (and 2 factor on
>>> DO) than I do logging on with a password as a normal user if that user is
>>> set up to sudo anyway. Then again I only use it for test and dev.
>>>
>>>
>>>
>>> Steve
>>>
>>>
>>>
>>>
>>>
>>> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On Behalf
>>> Of *Les Pritchard
>>> *Sent:* 30 July 2015 13:24
>>> *To:* chester <chester at mailman.lug.org.uk>
>>> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>>>
>>>
>>>
>>> Yes, I'd agree with Mike on that. If you're creating the VPS manually
>>> you could use a temporary password for root, then create a standard user
>>> and disable the root.
>>>
>>>
>>>
>>> If you can, I'd also recommend locking down SSH to specific IPs or at
>>> least ranges.
>>>
>>>
>>>
>>> On 30 July 2015 at 13:17, Michael Crilly <michael at mcrilly.me> wrote:
>>>
>>> The initial root login is designed to give you an easy way in so you can
>>> configure the system, locking down root login and removing that key from
>>> the system (after adding additional users and allowing them to sudo to
>>> root.)
>>>
>>> Think of that initial SSH key as a deployment key - login once with it,
>>> then use Ansible to set up your system with new users and various other
>>> state.
>>>
>>> Cheers,
>>>
>>> Mike.
>>>
>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" <stuart.james.burns at gmail.com>
>>> wrote:
>>>
>>> Hi Everyone,
>>>
>>>
>>>
>>> I am just in the process of moving over some sites to DO and I thought I
>>> would start using the stored SSH key system you can use when deploying your
>>> droplets. It works fine, no issues. Just I don't really feel comfortable
>>> logging in as root directly. Years of non root logins make me feel itchy
>>> about this.
>>>
>>>
>>>
>>> What does everyone else think? (I know you can alter and someone trying
>>> to crack a proper PKI implementation may have a long wait!) I was more
>>> concerned with it being out the box functionality.
>>>
>>> Regards
>>>
>>>
>>>
>>> Stuart
>>>
>>>
>>>
>>> _______________________________________________
>>> Chester mailing list
>>> Chester at mailman.lug.org.uk
>>> https://mailman.lug.org.uk/mailman/listinfo/chester
>>>
>>>
>
>
> --
> Stuart Burns
> E: stuart.james.burns at gmail.com
> M: [redacted]
>
>
>
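The end state described in the thread (root login locked down, named sudo users, SSH limited to specific IPs or ranges) can be checked against an sshd_config. The following is an added example, not part of any poster's message: the user name `deploy`, the address range and the sample configs are constructed, and it does not consider AllowGroups, DenyUsers or firewall rules.

```python
# Added example, not from the thread; 'deploy' and 203.0.113.0/24 are constructed.

def global_settings(config_text):
    """Collect global sshd_config settings keyed by lower-cased keyword.
    sshd uses the FIRST value it reads for a keyword; AllowUsers is the
    exception here and accumulates. Lines after a Match line are
    conditional, so the global scan stops there.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        if key == "allowusers":
            settings.setdefault(key, []).extend(args)
        else:
            settings.setdefault(key, args)
    return settings

def audit(config_text):
    """Return a list of findings; an empty list means every check passed."""
    s = global_settings(config_text)
    findings = []
    root = (s.get("permitrootlogin") or ["<unset>"])[0].lower()
    if root != "no":
        findings.append(f"PermitRootLogin is {root}; expected 'no'")
    allowed = s.get("allowusers", [])
    if not allowed:
        findings.append("no AllowUsers line: logins not limited by user or source")
    for entry in allowed:
        user, _, host = entry.partition("@")
        if user == "root":
            findings.append(f"AllowUsers still lists root ({entry})")
        if not host or host == "*":
            findings.append(f"AllowUsers entry {entry} has no source IP or range")
    return findings

WEAK = "PermitRootLogin yes\n"
HARDENED = "PermitRootLogin no\nAllowUsers deploy@203.0.113.0/24\n"
# A 'no' appended after an earlier 'yes' is ignored: the first value wins.
SHADOWED = "PermitRootLogin yes\nPermitRootLogin no\nAllowUsers deploy@203.0.113.0/24\n"
```

Pass the contents of `/etc/ssh/sshd_config` to `audit()`; the `SHADOWED` sample shows why appending a corrected line to the end of the file is not enough.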