search

Azure / azure-init

A minimal provisioning agent designed for Azure Linux VMs.
MIT License
10 stars 11 forks source link

[RFE] Disable provisioning with password #52

Open anhvoms opened 7 months ago

anhvoms commented 7 months ago

Current situation

azure-init allows customers to provision Linux VMs with an admin password.

Impact

Password is not as secure as ssh-key. Using password leaves the VM more vulnerable to brute-force attack.

Ideal future situation

Not supporting password provisioning.

**Implementation options

A couple options 1) Disable password support completely. Note that Azure does allow customers to provide password to provision VM. In that case azure-init should fail provisioning if password is given. 2) Allow the customer to choose to keep password support as a compile-time configurable option (but disable it by default)

dongsupark commented 6 months ago

As discussed, let's bring back password provisioning only in libazureinit, as that could be used in the future for some cases.

We also have to bring back {mount,unmount}_media parts that were dropped by accident.