SSH rootkey configuration is too open

[arlimus]

ssh keys for root are supported in the manner that fnichol/chef-user works. However, it has a bug: it pulls in users that aren't active.

We have a choice to make for 1.0 release: Either support ssh root keys fully, with the active users configuration of chef-user, or remove this support entirely.

Adding rootkey configuration in this manner is a 2year-old workaround to configure a server with keys for user root. We have to decide if this is still in scope of hardening. Feedback welcome.

[bkw]

I'd vote for removing the root key support alltogether. I've had good results with a combination of the users and sudo cookbooks to configure admin access. The only times when I only even touched the user bag for this cookbook was by creating an empty bag because the cookbook insists on the bloody thing to exist in the first place (PR fixing that coming up next).

I also would not expect a hardening cookbook to manage authorized_keys, except for fixing its permissions or removing non-compliant entries or that kind of stuff.

my 2ct anyway.

[chris-rock]

From my perspective, we should be focussing on ssh. The current setup is confusing for users (I had discussions about this topic). Instead we should remove this support and ensure that it works well with the other user management modules like fnichol/chef-user. +1 from my side

[chris-rock]

Since this is a breaking change, we should schedule it for the next version. As an intermediate solution, we should add a deprecation warning.