Build for headless usage #3
Conversation
|
Thanks for the PR! I think the better way to do this would be to create a new setting in settings.conf like ROOT_PUBKEY and install a preshared key in /root/.ssh/authorized_keys. I'm all for letting people shoot themselves in the foot, but this is giving them really big gun :P |
adammck
force-pushed
the
headless
branch
8 times, most recently
from
8d6bd6c
to
960a34b
Compare
|
Bump! I updated this PR based on your feedback. |
|
Other than the chmod'ing of the .ssh stuff, looks good. |
|
Actually, we could make this more automatic by putting the ssh key at a known filename in the resources directory. so bascially, if resources/authorized_keys exists, install that for the root user. Removes the need for ROOT_PUBKEY. |
|
Bump. Sorry about the extraordinarily long wait on this, but I've updated this PR based on your feedback. Would you mind taking another look? |
|
The final code looks good. Please squash these to a single commit though. No point in adding code just to remove it in the same PR. Thanks! |
|
Thanks! Squashed and rebased against master. |
This tool works very well for me (thanks!), except that I prefer to SSH into new images and provision them with Ansible, rather than using a display or a serial console to set them up interactively. So this PR adds scripts to (a) enable root login over SSH with an empty password, and (b) disable the initial-setup service, since I don't use it.
Of course, this is hilariously insecure and unusable for most people, so I don't expect you to merge this as-is. But I think it'd be a useful option. Any thoughts on how we should make this opt-in? Maybe a HEADLESS=1 environment variable or something?