-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build for headless usage #3
Conversation
Thanks for the PR! I think the better way to do this would be to create a new setting in settings.conf like ROOT_PUBKEY and install a preshared key in /root/.ssh/authorized_keys. I'm all for letting people shoot themselves in the foot, but this is giving them really big gun :P |
8d6bd6c
to
960a34b
Compare
Bump! I updated this PR based on your feedback. |
Other than the chmod'ing of the .ssh stuff, looks good. |
Actually, we could make this more automatic by putting the ssh key at a known filename in the resources directory. so bascially, if resources/authorized_keys exists, install that for the root user. Removes the need for ROOT_PUBKEY. |
Bump. Sorry about the extraordinarily long wait on this, but I've updated this PR based on your feedback. Would you mind taking another look? |
The final code looks good. Please squash these to a single commit though. No point in adding code just to remove it in the same PR. Thanks! |
Thanks! Squashed and rebased against master. |
This tool works very well for me (thanks!), except that I prefer to SSH into new images and provision them with Ansible, rather than using a display or a serial console to set them up interactively. So this PR adds scripts to (a) enable root login over SSH with an empty password, and (b) disable the initial-setup service, since I don't use it.
Of course, this is hilariously insecure and unusable for most people, so I don't expect you to merge this as-is. But I think it'd be a useful option. Any thoughts on how we should make this opt-in? Maybe a HEADLESS=1 environment variable or something?