Creating Linodes without root passwords and mandating key authentication?
When creating Linodes, is there any way to do so without a root password being set and also disabling password based authentication entirely, mandating the use of key based authentication only?
Right now I'm just mashing my keyboard when it asks for a root password…
It'd also be nice if there was an option to specify a given ssh key as the default to be used for new nodes.
4 Replies
You should always specify a root password. Never know when you'll need to log into the console as root. Otherwise you'd have to go even further and boot with init=/bin/bash to reset it (or use the Linode Manager's reset tool).
Recent versions of OpenSSH default to not allowing password authentication for root, even if password authentication is enabled. You can always adjust sshd_config to your liking in a StackScript or with your configuration management tool of choice.
For the kind of deployments we're doing we have no reason. It'd be easier just to re-build the instance than to bother if we couldn't login as root with a key. Some other cloud providers actually require that you specify a key and don't even allow password based logins.
bbigger
Linode Staff
We do have plans to allow for provisioning Linodes with root password disabled, though we don't have a timeframe on when this will make it to production (I've added this post to our internal tracker on the task).
In the meantime, you may find it helpful to create a StackScript that disables the root password — you'll still need to set one when you deploy, but can disable it with passwd -d via StackScript.
zliang27
Linode Staff
Hey there, you can now provision a password disabled Linode with cloud-init SSH config. See the following guides/docs for details.
https://www.linode.com/docs/guides/configure-and-secure-servers-with-cloud-init/#harden-ssh
https://www.linode.com/docs/products/compute/compute-instances/guides/metadata/