On Mon, Dec 10, 2018 at 10:17:23AM +0100, Thomas Goirand wrote:
:On 12/9/18 8:15 PM, Bastian Blank wrote:
:> On Sun, Dec 09, 2018 at 05:48:20PM +0100, Thomas Goirand wrote:
:>> If the question is "should we have a generic password", IMO the answer
:>> is obviously no. The goal of the Debian image is really not the same as
:>> the Cirros one, and having a well-known password is a security problem.
:>
:> No, we don't want a password. But we can have a null-password set,
:> which can be used from secure terminals, aka tty0 and ttyS0.

Making this easy to enable is good, making it default is bad.

As a private cloud operator it may be useful for me to have privileged console access to all my users' VMs but it's not a good line to break by default.

(yes I have "physical access" and could clone the storage etc, etc, but presumably in larger operations there's a smaller set of people who can do that than the set of people who can access VM consoles)

-Jon
