You're correct and this pattern can be found in all such templates.
At the time it made sense as the only way to interact with a freshly
created container was through lxc-console which requires a password.
It's one of the many security reasons why we moved from lxc-templates to
distrobuilder and the current images that you're getting through the
"donwload" template and is why "lxc-templates" is no longer supported
upstream and was demoted to universe a few releases ago in Ubuntu.
I don't think doing any changes to those templates would be a good idea
though as the few remaining users are very much legacy users that may
break badly should we start modifying ssh configurations or change the
way user creation works.
Instead we've seen the vast majority of users switching to the new pre-
created images which don't have this issue nor any of the many many
others that can be found in lxc-templates.
** Changed in: lxc-templates (Ubuntu)
Status: New => Invalid
** Changed in: lxc-templates (Ubuntu)
Status: Invalid => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880387
Title:
Security risks: Creates user ubuntu with password ubuntu
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc-templates/+bug/1880387/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
