Hello, list--

First of all, I'm new here, and have only begun to learn about Ansible, but 
so far I am really impressed with the tool and the documentation. So, many 
thanks to the devs for that.

Anyway, I have a cloud VPS account with a hosting provider, where I plan on 
setting up some number of web servers, and probably other servers for 
backend services like databases. My OS of choice is FreeBSD 10; as far as I 
can tell, my provider (Greenqloud) does not give me the ability to 
replicate a fully-configured VPS, so I want to use Ansible to configure the 
system and install the necessary software. Now, FreeBSD doesn't have Python 
installed by default, and there are some security measures I want to take 
before I start installing anything. Like this:

1. Create a normal user account, and set its password.
2. Disallow root logins.
3. Change the SSHD port.
4. Upload an authorized_keys file for the normal user.
5. Disallow password authentication (actually it's PAM challenge-response 
... but anyway, I want to allow only public key authentication).
6. Install python, py-simplejson, and sudo.

So, a couple of questions about this: I understand that if I did step 6 
first, I could probably do everything else with standard modules. But I 
feel it is important to tighten up SSH access first. Or do you think I'm 
being too paranoid? Once upon a time I might have thought so, but then I 
found out how many hits I was getting on port 22 from random hosts all over 
the world--scared the bejeezus out of me. Anyway, do you agree with my 
approach in principle?

The other thing I'm wondering is how to set the password for the new user. 
The documentation for the 'pw' utility states that it is possible to read a 
password from stdin or specified file descriptor, and you can also pass an 
encrypted password on the command line, but you cannot directly pass a 
clear-text password on the command line. So, any suggestions on this would 
be appreciated (and BTW, the default shell is csh).

Thanks for all info!
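
The six steps listed above as a /bin/sh bootstrap script that needs no Python on the target; this is an added example, not part of the original post. It shows `pw` reading the clear-text password from stdin (`-h 0`) and checks the new sshd_config with `sshd -t` before swapping it in. Assumptions: the function names, the `apply` argument, the `wheel` group, the `/bin/sh` login shell and the `/home/<user>` path are illustrative choices, and the package names are copied from the post.

```shell
#!/bin/sh
# Added example: first-login bootstrap for a fresh FreeBSD host, run as root.
# User name, port and key file are placeholders supplied by the caller.

# Print a hardened sshd_config: $1 = new port, stdin = current config.
# sshd keeps the first value it reads for a keyword and Port lines accumulate,
# so the managed settings go first and later global duplicates are dropped.
# Match blocks are passed through unchanged; review them by hand.
harden_sshd_config() {
    printf 'Port %s\nPermitRootLogin no\nPubkeyAuthentication yes\n' "$1"
    printf 'PasswordAuthentication no\nChallengeResponseAuthentication no\n'
    awk '
        { key = tolower($0); sub(/^[ \t]+/, "", key); sub(/[ \t=].*$/, "", key) }
        key == "match" { in_match = 1 }
        !in_match && key ~ /^(port|permitrootlogin|pubkeyauthentication|passwordauthentication|challengeresponseauthentication)$/ { next }
        { print }
    '
}

# Steps 1 and 4: create the user with the clear-text password read from stdin
# (pw -h 0), then install the public key before password logins are disabled.
create_admin() {   # $1 = user name, $2 = public key file
    pw useradd -n "$1" -m -G wheel -s /bin/sh -h 0
    install -d -m 700 -o "$1" "/home/$1/.ssh"
    install -m 600 -o "$1" "$2" "/home/$1/.ssh/authorized_keys"
}

# Steps 2, 3 and 5: write the new config, validate it, keep a backup, swap.
apply_sshd() {     # $1 = new port
    cfg=/etc/ssh/sshd_config
    harden_sshd_config "$1" < "$cfg" > "$cfg.new"
    /usr/sbin/sshd -t -f "$cfg.new" || { rm -f "$cfg.new"; return 1; }
    cp -p "$cfg" "$cfg.orig" && mv "$cfg.new" "$cfg"
    service sshd restart
}

# Step 6: package names as written in the post; adjust to your repository.
install_pkgs() {
    env ASSUME_ALWAYS_YES=yes pkg install -y python py-simplejson sudo
}

# Usage (as root): sh bootstrap.sh apply USER PORT KEYFILE < password-file
if [ "${1:-}" = "apply" ]; then
    set -e
    create_admin "$2" "$4"
    apply_sshd "$3"
    install_pkgs
fi
```

Keep the current root session open and confirm a key-based login as the new user on the new port before closing it.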
