On 12/8/18 9:47 PM, Bastian Blank wrote: > Moin > > More and more cloud environments provide easy non-network access to > virtual machines, either via serial console or graphical console. > > Does anyone know if other distributions make sure you can actually login > to any of those consoles on initial boot? I know that cirros (some > demonstration OS) set's a well-known password for an account. > > Should we do something about that?
If the question is "should we have a generic password", IMO the answer is obviously no. The goal of the Debian image is really not the same as the Cirros one, and having a well-known password is a security problem. As for "non-network" access to virtual machines, well, I wrote it multiple times in this list. Our images must be able to allow login (ie: getty login...) through: - tty0 - ttyS0 As well, our images must have the below component write to serial: - grub - kernel (with *both* earlyprintk= and console= directive set correctly) As for OpenStack, most of the time, users will use tty0 through VNC or SPICE to see the login prompt, and ttyS0 to see the boot logs. Though these days, there's also a serial console terminal. I hope this helps, Cheers, Thomas Goirand (zigo)
