On Wed, Nov 13, 2019 at 12:30:13AM -0800, ks Iam wrote: > So now it leave us with 2 options: > 1. as our vendor proposed, to enable root login through SSH with no > password, and authenticate with keys; > 2. To rely on Ansible become plugin with become method su (since sudo is > not an option). > > With that I would like to seek advice on which will be the better in terms > of security. Not sure whether this becomes an opinion based question and a > bit out of topic though, but I appreciate any input.
If you login as root, every task is run as root, but if you use su you can choose which task(s) to run as root. And choosing su will preserve your which in you first post "keep the hardening checklist intact". -- Kai Stian Olstad -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20191113141042.rsfv6j5pjcpxv6yk%40olstad.com.
