Colin Watson <[email protected]> writes: > There are a number of plausible ways to go about that:
> * put key in place via d-i preseed/late_command or similar (this is > already pretty common practice - I see it a *lot* in installation > reports) We do this, but via FAI, and have been doing so for years. At least if you're using FAI, the original root password is effectively public to any host that could potentially boot off of the FAI servers, since at the point at which the system is being bootstrapped it usually can't authenticate itself. So public key is a natural fit for the security model that you need. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
